6xs
Readme
6xs means Simple Storage Service Static Site Sync.
It takes your `/public` directory (or whatever you call it) and pushes its contents (optionally matching with node-glob) into a selected S3 bucket.
It also can:
This usage example presents all available configuration options:
    var sync = require('6xs');
    var path = require('path');

    sync({
      // defaults to: process.cwd() + '/public'
      base: path.join(__dirname, 'public'),
      // defaults to: '**'
      patterns: ['*.html', 'font/*'],
      // defaults to noop
      logger: function () {
        return console.log.apply(console, arguments);
      },
      // custom mappings between file extension and content type
      // if not provided, libmagic is used for detection
      // values below are used by default:
      contentTypeMap: {
        html: 'text/html',
        css: 'text/css',
        js: 'application/javascript',
        json: 'application/json'
      },
      aws: {
        // have to be provided (placeholders shown; keep real keys out of source control):
        access_key_id: 'abcdef...',
        secret_access_key: 'xyz987...',
        // defaults:
        ssl: true,
        retries: 3,
        concurrency: 10
      },
      s3: {
        // have to be provided:
        region: 'eu-west-1',
        bucket: 'your-bucket-name',
        // defaults to false:
        remove_remote_surplus: true,
        // defaults:
        max_age: 365,
        s_max_age: 1
      },
      // if the distribution id is provided,
      // its content will be invalidated after the upload
      cf_distribution_id: 'qwerty...'
    }, function (err, uploadedFiles) {
      // callback is optional
      // if upload was successful, err will be null
      // uploadedFiles is an array of paths
    });
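An added example, not part of the 6xs README or the project's code: one way to build the options object above from environment variables, so the access key pair is never written into source and the secret is scrubbed from log output. The helpers `buildSyncOptions` and `makeRedactingLogger` and the `ALLOW_REMOTE_DELETE` variable are assumptions; the four AWS/S3 variable names are the ones this README uses for its integration tests.

```javascript
// Added example (not 6xs code): builds the documented options object
// from environment variables instead of string literals in source.

// Variable names taken from the README's integration-test section.
const REQUIRED = ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'S3_REGION', 'S3_BUCKET'];

// Hypothetical helper: wraps a log function so the secret never reaches output.
function makeRedactingLogger(secret, sink) {
  if (!secret) throw new Error('secret must be a non-empty string');
  return function (...args) {
    sink(...args.map((a) => String(a).split(secret).join('[REDACTED]')));
  };
}

// Hypothetical helper: returns an options object for sync(), or throws
// with the names (never the values) of the variables that are missing.
function buildSyncOptions(env, baseDir, sink = console.log) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error('missing environment variables: ' + missing.join(', '));
  }
  return {
    base: baseDir,
    logger: makeRedactingLogger(env.AWS_SECRET_ACCESS_KEY, sink),
    aws: {
      access_key_id: env.AWS_ACCESS_KEY_ID,
      secret_access_key: env.AWS_SECRET_ACCESS_KEY,
      ssl: true // keep the documented default; uploads stay on TLS
    },
    s3: {
      region: env.S3_REGION,
      bucket: env.S3_BUCKET,
      // Remote deletion is destructive, so require an explicit opt-in.
      // ALLOW_REMOTE_DELETE is an assumed variable name, not a 6xs setting.
      remove_remote_surplus: env.ALLOW_REMOTE_DELETE === '1'
    }
  };
}

// Usage, assuming 6xs is installed:
//   require('6xs')(buildSyncOptions(process.env, __dirname + '/public'));
```

Calling the library this way also avoids the CLI's `-s` flag, which places the secret in shell history and process listings.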
    Usage
      $ 6xs <settings/options>

      This will upload the current working directory to the specified S3 bucket.

    Required settings
      -i, --id            AWS Access Key ID
      -s, --secret        AWS Secret Access Key
      -b, --bucket        AWS S3 Bucket name
      -r, --region        AWS region

    Options
      -p, --patterns      Glob patterns of the files to upload
                          default: **
                          e.g. *.html
                          e.g. *.html,fonts/*
      -ma, --max-age      Cache-Control max-age header, in days
                          default: 365
      -sa, --s-max-age    Cache-Control s-maxage header, in days
                          default: 1
      --retries           Number of retries
                          Default: 3
      --concurrency       Number of concurrent uploads
                          Default: 10
      --remove-surplus    Remove remote files that are not
                          found in your local directory
      --no-ssl            Don't use SSL
      -cf, --cloudfront   The distribution ID to invalidate

    Examples
      $ 6xs -i I2B -s KPAvL4GR -b my-s3-site.gov -r us-west-2 --remove-surplus
      Uploading: ...
Pull requests and/or issue reports are warmly welcomed!
    $ npm run test
    $ npm run coverage
Travis build won't run integration tests if your PR originates in a fork.
You'll need to provide 4 environment variables to run the integration tests locally. The user identified by the access key must have a policy assigned that allows access to the S3 bucket.

    $ AWS_ACCESS_KEY_ID=key-id \
      AWS_SECRET_ACCESS_KEY=secret \
      S3_REGION=your-region \
      S3_BUCKET=your-test-bucket \
      npm run test-integration

If you understand the implications, you can copy `integration-test.sh.dist` and adjust it to your needs.
MIT
FAQs
Simple Storage Service Static Site Sync
The npm package 6xs receives a total of 3 weekly downloads. As such, the popularity of 6xs was classified as not popular.
We found that 6xs demonstrated an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.