Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@ampproject/toolbox-linter
Advanced tools
A linter for AMP documents: reports errors and suspicious constructions such as images missing or incorrectly sized, missing CORS headers, or invalid metadata.
This code is alpha quality.
Command-line (local build):
$ npm install
$ npm run build # generates src/cli.js from src/cli.ts
$ node src/cli.js https://amp.dev/
Command-line (from npm):
$ npx @ampproject/toolbox-linter@canary https://amp.dev/
Node:
const fs = require("fs");
const linter = require("@ampproject/toolbox-linter");
const cheerio = require("cheerio");
const body = fs.readFileSync("amp-dev.html");
const context = {
$: cheerio.load(body),
headers: {},
url: "https://amp.dev/"
};
linter.MetaCharsetIsFirst(context).then(console.log);
dump-signedexchange
One test has a dependency on the dump-signedexchange
go binary. If this is
available (installation
instructions)
at additional check of the application/signed-exchange
response will be
performed.
npm install
Installs dependencies. Run this first.
npm run build
Builds *.js
from *.ts
. Use this instead of tsc
to ensure the correct
config (via command-line arguments) is in use. (@pika/plugin-ts-standard-pkg
needs slightly different config, but it's essentially hardcoded to read from
tsconfig.json
, so we need to use that for pika.)
npm test
Runs the tests.
npm run lint
Checks the code for lint errors.
npm run watch
Automatically rebuild *.js
whenever *.ts
changes.
npm run package
Generates npm-installable version of the package in pkg/
. From another
directory install via npm install amp-toolbox/packages/linter/pkg
.
Note: this command will emit multiple warnings of the form 'Valid relative
imports must include the ".js" file extension' as well as complaints about
require
and module
not being valid ESM globals; these can both be ignored.
(The first issue is due to extension-less imports not being valid
ES2018; the second is that the
globals require
and module
are not valid ESM globals. Not being valid ES2018
is not a problem here, since this code is not designed to run in the browser.)
npm run publish
Uses @pika's pack publish
to publish to npm.
index.ts
, that always "fails". e.g. it always
returns qqqqqq
. It should extend the Rule
class.tests/network.ts
. (If HTTP requests are required; if not
then create a directory in tests/local/MyNewTest-1
that contains a
source.html
(AMP HTML source) and expected.json
(expected JSON output),
and tests/local.js
will automatically execute your "test".)npm test
. If the fixtures can't be found, they will be
generated automatically (via real network requests). Hopefully your test will
fail.npm run publish
to publish the new version to npm. (If you have
two-factor auto turned on, this might not work, even though no errors are
reported. To actually publish (or at least see the errors), run npm publish
from the pkg
directory.)FAQs
A linter for AMP documents
The npm package @ampproject/toolbox-linter receives a total of 30 weekly downloads. As such, @ampproject/toolbox-linter popularity was classified as not popular.
We found that @ampproject/toolbox-linter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 16 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.