Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/rohenaz/go-map
Library for working with Magic Attribute Protocol in Go and used in conjunction with a Tape from go-bob
go-map requires a supported release of Go.
go get -u github.com/bitcoinschema/go-map
View the generated documentation
Library Deployment
goreleaser for easy binary or library deployment to GitHub and can be installed via: brew install goreleaser
.
The .goreleaser.yml file is used to configure goreleaser.
Use make release-snap
to create a snapshot version of the release, and finally make release
to ship to production.
Makefile Commands
View all makefile
commands
make help
List of all current commands:
all Runs multiple commands
clean Remove previous builds and any test cache data
clean-mods Remove all the Go mod cache
coverage Shows the test coverage
diff Show the git diff
generate Runs the go generate command in the base of the repo
godocs Sync the latest tag with GoDocs
help Show this help message
install Install the application
install-go Install the application (Using Native Go)
install-releaser Install the GoReleaser application
lint Run the golangci-lint application (install if not found)
release Full production release (creates release in Github)
release Runs common.release then runs godocs
release-snap Test the full release (build binaries)
release-test Full production test release (everything except deploy)
replace-version Replaces the version in HTML/JS (pre-deploy)
tag Generate a new tag and push (tag version=0.0.0)
tag-remove Remove a tag if found (tag-remove version=0.0.0)
tag-update Update an existing tag to current commit (tag-update version=0.0.0)
test Runs lint and ALL tests
test-ci Runs all tests via CI (exports coverage)
test-ci-no-race Runs all tests via CI (no race) (exports coverage)
test-ci-short Runs unit tests via CI (exports coverage)
test-no-lint Runs just tests
test-short Runs vet, lint and tests (excludes integration tests)
test-unit Runs tests and outputs coverage
uninstall Uninstall the application (and remove files)
update-linter Update the golangci-lint package (macOS only)
vet Run the Go vet application
All unit tests and examples run via GitHub Actions and uses Go version 1.23.x. View the configuration file.
Run all tests (including integration tests)
make test
Run tests (excluding integration tests)
make test-short
Run the Go benchmarks:
make bench
Read more about this Go project's code standards.
Checkout all the examples!
Satchmo | MrZ |
View the contributing guidelines and follow the code of conduct.
All kinds of contributions are welcome :raised_hands:! The most basic way to show your support is to star :star2: the project, or to raise issues :speech_balloon:. You can also support this project by becoming a sponsor on GitHub :clap: or by making a bitcoin donation to ensure this journey continues indefinitely! :rocket:
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.