Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
com.github.alexarchambault.tmp.ammonite:ammonite-repl-api_2.13.5
Advanced tools
ammonite-repl-api
This is where the code for the Ammonite project lives:
If you use Ammonite and like it, you will probably enjoy the following book by the Author:
Hands-on Scala has uses Ammonite extensively throughout the book, using Ammonite to accomplish a lot of useful tasks: exploring third party libraries or writing parallel web-crawlers in the REPL, and implementing entire programming languages in Ammonite Scala Scripts. Hands-on Scala is a great way to level up your skills in Scala in general and Ammonite in particular.
If you want to learn more about Ammonite or how to use it, check out the links above, or ask on the Gitter Channel. The remainder of this document is developer-docs for people who want to work on the Ammonite source code itself.
If you are interested in living more "on the edge", we also publish artifacts and the doc-site every commit; the doc-site is available at
And contains instructions on how to download the per-commit executable or depend on the per-commit maven artifact.
If you use Ammonite and like it, please support us by donating to our Patreon:
The layout of the repository is roughly:
ops/
is Ammonite-Opsamm/
is Ammonite's core, REPL and script runnershell/
is Ammonite-Shellterminal/
is the JLine re-implementation used by Ammonite-REPL to provide
syntax highlighting and multiline editingreadme/
is the source code for the Documentation,
written in Scalatex.published/
is a synthetic project used for publishing, excluding the readme
and integration testsFor more detailed information, check out the internals documentation for high-level overviews of some interesting facets of the codebase
Although most features should be unit tested, it's still useful to fire up a REPL from the current codebase to see things work (or not). There are a variety of shells you can spin up for testing different things:
mill -i -w terminal[2.12.6].test.run
is useful for manual testing the
terminal interaction; it basically contains a minimal echo-anything terminal,
with multiline input based on the count of open- and closed-parentheses. This
lets you test all terminal interactions without all the complexity of the
Scala compiler, classloaders, etc. that comes in repl/
mill -i -w amm[2.12.6].run
brings up the Ammonite-REPL using the source code
in the repository, and automatically restarts it on-exit if you have made a
change to the code. Useful for manual testing both of amm/
as well as
ops/
, since you can just import ammonite.ops._
and start using them. Note
that this does not bring in filesystem utilities like the wd
variable, cd!
command. You can also pass in the path to a .sc
file to run it using
Ammonite's script runner
mill -i -w integration[2.12.6].test.run
runs the trivial main method in the
integration
subproject, letting you manually test running Ammonite
programmatically, whether through run
or debug
mill -i amm[2.12.6].assembly
creates an assembly at
out/amm/2.12.6/assembly/dest/out.jar
that you can then use to test: start a
REPL, run scripts, etc. in a standalone environment without being wrapped in
Mill build tool
mill -i amm[2.12.6].launcher
creates a launcher script at
out/amm/2.12.6/launcher/dest/run
that can also be used to run Ammonite
outside of the Mill build tool.
While working on an arbitrary xyz
subproject, mill -w xyz.test
runs tests after every change.
amm/test
can be a bit slow because of the amount of code it compiles, so you may want to specify the test manually via amm/test-only -- ammonite.TestObject.path.to.test
.
ops/test
tests the filesystem operations, without any REPL presentamm/test
tests the Ammonite-REPL/Script-runner, without filesystem-shell integration.terminal/test
tests the readline re-implementation: keyboard navigation, shortcuts, editing, without any filesystem/scala-repl logicshell/test
tests the integration between the standalone ops/
and amm/
projects: features like cd!
/wd
, path-completion, ops-related pretty-printing and toolsintegration/test
kicks off the integration tests, which bundle amm/
and shell/
into their respective jars and invoke them as subprocesses. Somewhat slow, but exercises all the command-line-parsing stuff that the other unit tests do not exercise, and makes sure that everything works when run from .jar
s instead of loose class-filesPublishing is automatic, controlled by scripts in the ci/
folder.
Every commit that lands in master will publish a new unstable version, that you can already use and download. This includes publishing the unstable version to maven central to the snapshot-commit-uploads tag, and updating the documentation-site so it's Unstable Version download instructions to point to it, though the "main" download/install instructions in the doc-site will not be changed.
Every commit that lands in master with a tag will re-publish a stable version to maven central and upload a new versioned release (using the tag as the version) and the doc-site is updated so the main download/install instructions point at the new published stable version.
In general, if you land a change in master, once CI completes (1-2hrs) you should be able to download it via the Unstable Version instructions and make use of your changes standalone or in an SBT project.
Occasionally, the CI job building and publishing one of the above steps flakes and fails, and needs to be re-run through the travis web interface.
I've started tagging open issues in the issue tracker to try and keep things neat. This is what the various tags mean:
Each issue should only have one of these:
bug
: this behavior clearly wrong, and needs to be fixedenhancement
: something relatively speccable, that can be worked on, finished, and will make Ammonite betterwishlist
: could be totally awesome, but we're uncertain if it is worth doing at all, what it would look like, or if it will ever reach a "finished" state.And possibly:
help wanted
: I don't have context, hardware, or for some other reason am unlikely to ever do this. But I know people out there care, so one of you should step up and fix it.FAQs
ammonite-repl-api
We found that com.github.alexarchambault.tmp.ammonite:ammonite-repl-api_2.13.5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.