Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/gravityblast/fresh
Fresh is a command line tool that builds and (re)starts your web application everytime you save a Go or template file.
If the web framework you are using supports the Fresh runner, it will show build errors on your browser.
It currently works with Traffic, Martini and gocraft/web.
go install github.com/gravityblast/fresh@latest
cd /path/to/myapp
Start fresh:
fresh
Fresh will watch for file events, and every time you create/modify/delete a file it will build and restart the application.
If go build
returns an error, it will log it in the tmp folder.
Traffic already has a middleware that shows the content of that file if it is present. This middleware is automatically added if you run a Traffic web app in dev mode with Fresh.
Check the _examples
folder if you want to use it with Martini or Gocraft Web.
fresh
uses ./runner.conf
for configuration by default, but you may specify an alternative config filepath using -c
:
fresh -c other_runner.conf
Here is a sample config file with the default settings:
root: .
tmp_path: ./tmp
build_name: runner-build
build_log: runner-build-errors.log
valid_ext: .go, .tpl, .tmpl, .html
no_rebuild_ext: .tpl, .tmpl, .html
ignored: assets, tmp
build_delay: 600
colors: 1
log_color_main: cyan
log_color_build: yellow
log_color_runner: green
log_color_watcher: magenta
log_color_app:
git checkout -b my-new-feature
)git commit -am 'Add some feature'
)git push origin my-new-feature
)FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.