github.com/weaveworks/build-tools
Included in this repo are tools shared by weave.git and scope.git. They include

- bazel-rules: Bazel build rules used in our projects
- build: a set of docker base-images for building weave projects. These should be used instead of giving each project its own build image.
- provisioning: a set of Terraform scripts to provision virtual machines in GCP, AWS or Digital Ocean.
- config_management: a set of Ansible playbooks to configure virtual machines for development, testing, etc.
- cover: a tool which merges overlapping coverage reports generated by go test
- files-with-type: a tool to search directories for files of a given MIME type
- lint: a script to lint go, sh and hcl files; runs various tools like golint, go vet, errcheck, shellcheck etc
- rebuild-image: a script to rebuild docker images when their input files change; useful when you are using docker images to build your software, but you don't want to build the image every time.
- shell-lint: a script to lint multiple shell files with shellcheck
- socks: a simple, dockerised SOCKS proxy for getting your laptop onto the Weave network
- test: a script to run all go unit tests in subdirectories, gather the coverage results, and merge them into a single report.
- runner: a tool for running tests in parallel; given each test is suffixed with the number of hosts it requires, and the hosts available are contained in the environment variable HOSTS, the tool will run tests in parallel, on different hosts.
- scheduler: an appengine application that can be used to distribute tests across different shards in CircleCI.

lint requires shfmt to lint sh files; get shfmt with
curl -fsSLo shfmt https://github.com/mvdan/sh/releases/download/v1.3.0/shfmt_v1.3.0_linux_amd64
chmod +x shfmt
(we pin that version, and it doesn't build from the source repo any more)
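The version in the download URL pins a release name, not the bytes served for it. As an added example (not part of the build-tools repository), this shell helper installs the downloaded file only when its SHA-256 equals a digest kept in your own repo; `install_verified`, `sha256_of` and the placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example (not from build-tools): gate the install on a pinned SHA-256.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS / BSD fallback
    fi
}

# install_verified SRC DEST EXPECTED_SHA256   (hypothetical helper)
# Returns 0 after installing, 1 on missing input or digest mismatch,
# 2 when the arguments or the digest format are wrong.
install_verified() {
    [ "$#" -eq 3 ] || { echo "usage: install_verified SRC DEST SHA256" >&2; return 2; }
    src=$1; dest=$2
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    # Reject truncated or placeholder digests before touching any file.
    case $want in *[!0-9a-f]*|'') echo "bad digest format" >&2; return 2 ;; esac
    [ "${#want}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    # A missing or empty file means the download failed.
    [ -s "$src" ] || { echo "refusing: $src missing or empty" >&2; return 1; }
    # Stage a private copy and hash that copy, so the bytes that were checked
    # are the bytes that get installed.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" || return 1
    got=$(sha256_of "$tmp")
    if [ "$got" != "$want" ]; then
        rm -f "$tmp"
        echo "refusing: sha256 mismatch for $src" >&2
        echo "  expected $want" >&2
        echo "  actual   $got" >&2
        return 1
    fi
    # Only a verified copy becomes executable and is renamed into place.
    chmod 0755 "$tmp" && mv "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# Usage with the README's download. The digest below is a placeholder: record
# the real value in your repository from a copy you have reviewed.
#   curl -fsSLo shfmt.download https://github.com/mvdan/sh/releases/download/v1.3.0/shfmt_v1.3.0_linux_amd64
#   install_verified shfmt.download ./shfmt "<PINNED_SHA256>"
```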
To allow you to tie your code to a specific version of build-tools.git, such
that future changes don't break you, we recommend that you git subtree
this repository into your own repository:
git subtree add --prefix tools https://github.com/weaveworks/build-tools.git master --squash
To update the code in build-tools.git, the process is therefore:
git subtree pull --prefix tools https://github.com/weaveworks/build-tools.git master --squash
in your repo, and PR that.

If you have any questions about, feedback for or problems with build-tools:
Weaveworks follows the CNCF Code of Conduct. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a Weaveworks project maintainer, or Alexis Richardson (alexis@weave.works).
Your feedback is always welcome!