Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/takatoshi-maeda/awgo
Full-featured library to build lightning-fast workflows in a jiffy.
Install AwGo with:
go get -u github.com/deanishe/awgo
Typically, you'd call your program's main entry point via Workflow.Run()
.
This way, the library will rescue any panic, log the stack trace and show
an error message to the user in Alfred.
program.go:
package main
// Package is called aw
import "github.com/deanishe/awgo"
// Workflow is the main API
var wf *aw.Workflow
func init() {
// Create a new Workflow using default settings.
// Critical settings are provided by Alfred via environment variables,
// so this *will* die in flames if not run in an Alfred-like environment.
wf = aw.New()
}
// Your workflow starts here
func run() {
// Add a "Script Filter" result
wf.NewItem("First result!")
// Send results to Alfred
wf.SendFeedback()
}
func main() {
// Wrap your entry point with Run() to catch and log panics and
// show an error in Alfred instead of silently dying
wf.Run(run)
}
In the Script Filter's Script box (Language = /bin/bash with input as argv):
./program "$1"
Read the docs on pkg.go.dev.
Check out the example workflows (docs), which show how to use AwGo. Use one as a template to get your own workflow up and running quickly.
The library (and therefore the unit tests) rely on being run in a minimally Alfred-like environment, as they pull configuration options from the environment variables set by Alfred.
This means that if you want to run AwGo-based code outside Alfred, e.g. in your shell, you must set at least the following environment variables to meaningful values, or the library will panic:
alfred_workflow_bundleid
alfred_workflow_cache
alfred_workflow_data
And if you're using the update API, also:
alfred_workflow_version
alfred_version
(not needed for Alfred 4+)To create a sufficiently Alfred-like environment, you can source
the env.sh
script in the project root or run unit tests via the run-tests.sh
script
(which also sets up an appropriate environment before calling go test
).
This library is released under the MIT licence. It was built with neovim and GoLand by JetBrains.
The icon is based on the Go Gopher by Renee French.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.