
github.1485827954.workers.dev/open-telemetry/opentelemetry-go-build-tools
Build tools for use by the Go API/SDK, the collector, and their associated contrib repositories
This repository provides tooling for OpenTelemetry Go projects. Below are overviews and examples of each provided tool:
gotmpl
gotmpl generates files from Go templates and JSON data.
gotmpl --body=template.tmpl --data='{"key":"value"}' --out=output.go
gotmpl is designed to be used with go generate to generate code or configuration files from templates.
//go:generate gotmpl --body=../internal/shared/env.go.tmpl "--data={ \"pkg\": \"jaeger\" }" --out=env.go
issuegenerator
Generates an issue if any test fails in CI.
chloggen
Generates a CHANGELOG file from individual change YAML files.
# generates a new change YAML file from a template
chloggen new -filename <filename>
# validates all change YAML files
chloggen validate
# provide a preview of the generated changelog file
chloggen update -dry
# updates the changelog file
chloggen update -version <version>
checkapi
Analyzes a Go module's API surface and enforces restrictions.
checkapi -folder . -config config.yaml
crosslink
Manages multiple go.mod files and intra-repository dependencies.
# Insert/overwrite replace statements for intra-repo dependencies
crosslink --root=/path/to/repo
# Remove unnecessary replace statements
crosslink prune
crosslink --root=/path/to/repo --prune
# Overwrite existing replace statements
crosslink --root=/path/to/repo --overwrite
# Generate or update go.work file
crosslink work --root=/path/to/repo
checkfile
Checks that components in OpenTelemetry core and contrib repos contain a required file.
checkfile --project-path path/to/project \
    --component-rel-path service/defaultcomponents/defaults.go \
    --module-name go.opentelemetry.io/collector \
    --file-name README.md
githubgen
Generates .github/CODEOWNERS and .github/ALLOWLIST files.
githubgen --skipgithub --folder . --github-org "open-telemetry" \
    --default-codeowner open-telemetry/opentelemetry-collector-approvers \
    --allowlist cmd/githubgen/allowlist.txt
To authenticate with the GitHub API, set a GITHUB_TOKEN environment variable.
dbotconf
dbotconf is a Go-based tool for management of dependabot configuration. It provides the generate and verify commands to create and validate dependabot configuration files.
# Generate configuration files
dbotconf generate
# Verify existing configuration files
dbotconf verify
multimod
Tooling to support versioning of multiple Go modules in a repository.
# Verify module versioning configuration.
./multimod verify
# Prepare a pre-release commit.
./multimod prerelease --module-set-name <name>
# Tag the new release commit.
./multimod tag --commit-hash <hash>