wellquite.org/ssg
This project is a Static Site Generator. It is written in Go, and makes heavy use of Go's templates; you will need to be familiar with these to be able to use this project. They are a little weird in places.
Install the ssg command by running:
$ go install wellquite.org/ssg/cmd/ssg@latest
The command ssg has the following flags:
-in
    The directory to use as input. Always required.
-out
    The directory to use for output. Mutually exclusive with -serve.
-serve
    Takes an optional port number. 1313 is the default. If this flag is given, then ssg runs as a webserver and rebuilds the site every time it detects a change within the input. Mutually exclusive with -out.
-log
    Specify the log level. Default is info. debug and trace provide more verbosity. warn and error provide less verbosity.
The go doc shows all the fields that are available to the templates.
output = false.
--- and nothing more, before and after the TOML.
.md extension then it is required the content of the file is markdown (after the meta-data section).
foo/bar/baz.md then its output path will be foo/bar/baz/index.html. All other files have their output path equal to their input path, relative to the input directory.
date field, then the input file is considered a Post and a Page. Otherwise, it is considered a Page only. This affects which fields the file appears in within the .Global template field.
template in the meta-data.
summary field and the input file is a markdown file, then the summary is automatically determined from the page content (after the inner template has been run but before the conversion to HTML), by taking the plain text from the start of the content to the end of a sentence that finishes after at least 70 words from the start.
output = true are run. The result of running these inner templates must be valid markdown. The markdown is then converted to HTML, and is stored in the ContentInner field.
ContentOuter field will have the same value as the ContentInner field.
This example, if it exists as a file within the input directory, would have a corresponding file in the output directory, which would contain the result of transforming this input file from Markdown to HTML.
This example shows how to generate an RSS feed for all the Posts. You might put this example in a file rss.xml:
---
output = true
---
<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>{{ html .Site.Title }}</title>
    <link>{{ .Site.BaseURL }}</link>
    <description>Recent content on {{ html .Site.Title }}</description>
    <generator>{{ html .Generator }}</generator>
    <language>en-us</language>
    <copyright>Copyright © {{ .Now.Year }}, {{ .Site.Author }}</copyright>
    <lastBuildDate>{{ .Now.Format .RFC1123Z }}</lastBuildDate>
    <image>
      <url>{{- .Site.BaseURL -}}logo.png</url>
      <title>{{ html .Site.Title }}</title>
      <link>{{ .Site.BaseURL }}</link>
    </image>
    <atom:link href="{{ .Page.AbsoluteURL }}" rel="self" type="application/rss+xml" />
    {{- $dot := . -}}
    {{- range $post := .Global.Posts }}
    <item>
      <title>{{ html $post.Meta.Title }}</title>
      <link>{{ $post.AbsoluteURL }}</link>
      <pubDate>{{ $post.Meta.Date.Format $dot.RFC1123Z }}</pubDate>
      <guid>{{ $post.AbsoluteURL }}</guid>
      <description>
        {{ $post.ContentInner | printf "%s" | html }}
      </description>
    </item>
    {{- end }}
  </channel>
</rss>
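The RSS template above wraps values in html. That matters if the templates run under Go's text/template, which does no escaping of its own (an assumption; the page does not name the package ssg uses). The following is an added example, not code from the ssg project: it renders a reduced <item> with and without the html calls and parses the result the way a feed reader would. The Post and Item types and the sample post are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"text/template"
)

// Reduced <item> from the RSS example above, keeping its html calls.
const escaped = `<item><title>{{ html .Title }}</title><description>{{ .Content | printf "%s" | html }}</description></item>`

// The same item with the html calls removed, for comparison.
const raw = `<item><title>{{ .Title }}</title><description>{{ .Content }}</description></item>`

// Post is a constructed stand-in for the post fields the template reads.
type Post struct{ Title, Content string }

// Item is what a feed reader would recover from one rendered <item>.
type Item struct {
	Title       string `xml:"title"`
	Description string `xml:"description"`
}

// sample is a constructed post whose title and body contain markup characters.
var sample = Post{Title: "Onions & <b>garlic</b>", Content: "<p>Chop & fry</p>"}

// render executes tmpl with text/template, which does no escaping of its own.
func render(tmpl string, p Post) (string, error) {
	var buf bytes.Buffer
	err := template.Must(template.New("item").Parse(tmpl)).Execute(&buf, p)
	return buf.String(), err
}

// parse decodes a rendered item; malformed XML comes back as an error.
func parse(s string) (Item, error) {
	var it Item
	err := xml.Unmarshal([]byte(s), &it)
	return it, err
}

func main() {
	for _, tmpl := range []string{escaped, raw} {
		out, _ := render(tmpl, sample)
		it, err := parse(out)
		fmt.Printf("%s\n  title=%q err=%v\n", out, it.Title, err)
	}
}
```

With the html calls the title and description survive the round trip unchanged; without them the bare & makes the item malformed XML.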
The inner template can call other templates. For example, this file could be at posts/series/onions/post3.md:
---
title = "Onions: the revenge"
date = 2021-12-09T11:01:09Z
tags = ['onions']
output = true
template = "templates/post.html"
---
In this series:
{{ template "templates/list-pages.md" (index .Global.PostsByTag "onions").OldestFirst }}
For many people, onions make them cry...
It specifies an outer template that should be found at templates/post.html (which presumably is responsible for turning the HTML-from-markdown into a fully valid HTML page); and in the inner template, it calls templates/list-pages.md. That file could look like this:
---
output = false
---
{{ range $page := . }}
* [{{html $page.Meta.Title}}]({{$page.AbsoluteURL}})
{{- end }}
It sets output = false because this file is only useful as a template to be used by others, so it should not have a corresponding output file for itself. This template generates markdown (which is hinted at by the fact it has a .md extension). So, the inner template of post3.md is run (which calls templates/list-pages.md), and the result of that is assumed to be valid markdown and then converted to HTML. The result of all of that is passed to the outer template (templates/post.html), and the result of that will be stored in the output directory at posts/series/onions/post3/index.html.