Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@ansgar/cdktf-provider-project
Advanced tools
A project template for [projen](https://github.com/eladb/projen) to create repositories for prebuilt provider packages for [Terraform CDK](https://cdk.tf).
A project template for projen to create repositories for prebuilt provider packages for Terraform CDK.
The provider repos are entirely auto generated from the configuration contained in this repo here. There's no manual interaction necessary, except for creating the initial repository - using this repo. The cdktf get
command is executed as part of the build pipeline in Github Actions. These jobs are executed on a schedule. Hence, new provider changes will be picked up automatically.
Add a new repository over here.
In the newly created repository, all we need is a .projenrc.js
file like this:
const { CdktfProviderProject } = require('@cdktf/provider-project');
const { Semver } = require('projen');
const project = new CdktfProviderProject({
terraformProvider: "aws@~> 2.0"
});
project.synth();
Adjust the terraformProvider
attribute as required and run the following commands:
npm install @cdktf/provider-project@latest
npx projen
yarn install
This will generate an entire repository ready to be published, including Github Workflows for publishing NPM, Pypi and maven packages. The only thing which is needed to be set manually are the tokens for these registries:
NPM_TOKEN
TWINE_PASSWORD
TWINE_USERNAME
MAVEN_GPG_PRIVATE_KEY
MAVEN_GPG_PRIVATE_KEY_PASSPHRASE
MAVEN_PASSWORD
MAVEN_USERNAME
MAVEN_STAGING_PROFILE_ID
Commit and push the required changes to this repository here and wait for the auto-release to happen. Once released, you can run the following commands in the target provider repository:
npm install @cdktf/provider-project@latest
npx projen
yarn install
Commit, push and check for the auto-released version.
Whatever needs to be changed in the downstream provider repositories should be done via the code definitions here.
For local development, yarn link might be quite helpful for testing.
FAQs
A project template for [projen](https://github.com/eladb/projen) to create repositories for prebuilt provider packages for [Terraform CDK](https://cdk.tf).
We found that @ansgar/cdktf-provider-project demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.