Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aegis.inc/aegis-cli
Advanced tools
npm install -g "@aegis.inc/aegis-cli"
安装完成后,会添加全局命令anpm
和aegis-cli
。(两者是完全一样的,只不过考虑到aegis-cli
输入过于麻烦,所以才添加了别名anpm
);
anpm install <package>
anpm 将调用 npm
yarn
pnpm
进行依赖安装,并同时指定公司仓库镜像源(就像淘宝镜像一样)。
如果项目中包含lock
文件,它会以lock
对应的包管理工具进行安装,如果没有对应的lock
文件,则会进行提问。
因此你如果有多个项目使用不同的包管理工具,相比交替使用不同的包管理工具,直接使用anpm
可以减少你的烦恼。
你也可以自己指定公司仓库,然后使用自己的包管理工具
npm config set registry https://nexus.aegis-data.cn/repository/npm-all/
anpm create <dir> [--template]
或
aegis-cli create <dir> [--template]
<dir>
的意思是,此处为必选参数
[--template]
的意思是,此处为可选参数
template
Vue
: Vue
+Vite
项目请在在已有项目内执行,目前仅支持 Vue3 项目
anpm init [--config] [--management]
anpm in [--config] [--management]
或
aegis-cli init [configuration] [--management] [--common]
aegis-cli in [configuration] [--management] [--common]
目前配置(configuration
)包含
eslint
- 代码格式检查commitlint
- git 提交检查husky
- git 劫持git-cz
- git 提交命令行辅助lint-staged
- git 提交内容区分例如执行下面这行代码,可以直接初始化 eslint 配置而跳过配置选择。
anpm in eslint
management
快速指定包管理工具,将 management
替换成
npm
yarn
pnpm
cnpm
common
添加 common
参数可以使用公共仓库进行初始化
anpm in eslint --common
anpm update
# 更新beta版本
anpm update -b
开发人员请参照 开发文档
FAQs
aegis的cli命令行脚手架
The npm package @aegis.inc/aegis-cli receives a total of 44 weekly downloads. As such, @aegis.inc/aegis-cli popularity was classified as not popular.
We found that @aegis.inc/aegis-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.