Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/Ambrevar/Demlo
Demlo is a music library organizer. It can encode, fix case, change folder hierarchy according to tags or file properties, tag from an online database, copy covers while ignoring duplicates or those below a quality threshold, and much more. It makes it possible to manage your libraries uniformly and dynamically. You can write your own rules to fit your needs best.
Demlo aims to be as lightweight and portable as possible. Its only big dependency is the transcoder FFmpeg. The scripts are written in Lua for portability and speed while allowing virtually unlimited extensibility.
Compile-time dependencies:
Runtime dependencies:
Optional dependencies:
Set up a Go environment (see https://golang.org/doc/install) and run:
$ go get github.com/ambrevar/demlo
The version number is set at compilation time. To package a specific version,
checkout the corresponding tag and set version
from the build command, e.g.:
go build -ldflags "-X main.version=r$(git rev-list --count HEAD).$(git describe --tags --always).$(git log -1 --format="%cd" --date=short)"
or simply
go build -ldflags "-X main.version=$(git describe --tags --always)"
To build statically (assuming you have all the required static libraries at hand):
go build -ldflags '-extldflags "-static -ldl -lm -lz -lstdc++"'
Install the files as follows:
demlo -> /usr/{local/}bin/demlo
demlorc -> /usr/{local/}share/demlo/demlorc
scripts/ -> /usr/{local/}share/demlo/scripts/
See demlo -h
and the home page.
See LICENSE.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.