Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@ampproject/toolbox-linter
Advanced tools
AMP Linter
Overview
A linter for AMP documents: reports errors and suspicious constructions such as images missing or incorrectly sized, missing CORS headers, or invalid metadata.
Usage
Command-line (local build):
# from the amp-toolbox root
$ npm install
$ npm run build # generates packages/linter/dist/cli.js
$ cd packages/linter
$ node dist/cli.js https://amp.dev/
Command-line (from npm):
$ npx @ampproject/toolbox-cli lint https://amp.dev/
Node:
const fs = require("fs");
const linter = require("@ampproject/toolbox-linter");
const cheerio = require("cheerio");
const body = fs.readFileSync("amp-dev.html");
const context = {
$: cheerio.load(body),
headers: {},
url: "https://amp.dev/"
};
linter.MetaCharsetIsFirst(context).then(console.log);
dump-signedexchange
One test has a dependency on the dump-signedexchange go binary. If this is
available (installation
instructions)
at additional check of the application/signed-exchange response will be
performed.
Development
Commands/Scripts
These scripts can be invoked in the usual way by npm run XXX if npm install
is run in this directory. They can also be invoked from the amp-toolbox root
directory without installing locally by lerna run --scope '*/toolbox-linter' XXX. (lerna sets the PATH so that the required binaries are available.)
build
Populates the dist directory with the appropriate *.js and *.d.ts files.
Note that tests are not included. This script is intended to be used when
building the npm package.
lint
Checks the code for lint errors using prettier.
Running tests
The unit tests run in the context of toolbox project.
# Run all linter tests
npm run test:node -- packages/linter
# Run linter network tests
npm run test:node -- packages/linter/tests/network.test.ts
Suggested Development Workflow
- Create stub rule in
rules/, that always "fails". e.g. it always returnsqqqqqq. It should extend theRuleclass. - Write tests in
tests/network.test.ts(If HTTP requests are required). If not then create a directory intests/local/MyNewTest-1that contains asource.html(AMP HTML source) and add your test intests/local.test.ts. - Run the test using
npm run test:node -- packages/linterin the toolbox root. If the fixtures can't be found, they will be generated automatically (via real network requests). Hopefully your test will fail. - Fix the implementation, and re-run the test.
FAQs
A linter for AMP documents
We found that @ampproject/toolbox-linter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 16 open source maintainers collaborating on the project.
Package last updated on 01 Jun 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024