Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@apteryxxyz/posthog-js
Advanced tools
Posthog-js allows you to automatically capture usage and send events to PostHog.
For information on using this library in your app, see PostHog Docs.
This README is intended for developing the library itself.
Unit tests: run pnpm test
.
Cypress: run pnpm start
to have a test server running and separately pnpm cypress
to launch Cypress test engine.
Testing on IE11 requires a bit more setup. TestCafe tests will use the
playground application to test the locally built array.full.js bundle. It will
also verify that the events emitted during the testing of playground are loaded
into the PostHog app. By default it uses https://app.posthog.com and the
project with ID 11213. See the testcafe tests to see how to override these if
needed. For PostHog internal users ask @benjackwhite or @hazzadous to invite you
to the Project. You'll need to set POSTHOG_API_KEY
to your personal API key, and
POSTHOG_PROJECT_KEY
to the key for the project you are using.
You'll also need to sign up to BrowserStack. Note that if you are using CodeSpaces, these variables will already be available in your shell env variables.
After all this, you'll be able to run through the below steps:
nodemon -w src/ --exec bash -c "pnpm build-rollup"
.export BROWSERSTACK_USERNAME=xxx BROWSERSTACK_ACCESS_KEY=xxx
.npx testcafe "browserstack:ie" testcafe/e2e.spec.js
.You can use the create react app setup in playground/nextjs
to test posthog-js as an npm module in a Nextjs application.
posthog
locally on port 8000 (DEBUG=1 TEST=1 ./bin/start
).python manage.py setup_dev --no-data
on posthog repo, which sets up a demo account.http://localhost:8000/project/settings
and thencd playground/nextjs
and run NEXT_PUBLIC_POSTHOG_KEY='<your-local-api-key>' pnpm dev
Install Yalc to link a local version of posthog-js
in another JS project: npm install -g yalc
posthog-js
directory: yalc publish
yalc add posthog-js
, then install dependenciesposthog
this means: yalc add posthog-js && pnpm i && pnpm copy-scripts
)yalc update
, then install dependenciesposthog
this means: yalc update && pnpm i && pnpm copy-scripts
)yalc remove posthog-js
, then install dependenciesposthog
this means: yalc remove posthog-js && pnpm i && pnpm copy-scripts
)Just put a bump patch/minor/major
label on your PR! Once the PR is merged, a new version with the appropriate version bump will be released, and the dependency will be updated in posthog/PostHog – automatically.
If you want to release a new version without a PR (e.g. because you forgot to use the label), check out the main
branch and run npm version [major | minor | patch] && git push --tags
- this will trigger the automated release process just like the label.
To release an alpha or beta version, you'll need to use the CLI locally:
posthog-js
in npm (check here).npm login
).main
).npm version [premajor | preminor | prepatch] --preid=beta
npm publish --tag beta
git push --tags
1.105.9 - 2024-02-14
FAQs
Posthog-js allows you to automatically capture usage and send events to PostHog.
The npm package @apteryxxyz/posthog-js receives a total of 8 weekly downloads. As such, @apteryxxyz/posthog-js popularity was classified as not popular.
We found that @apteryxxyz/posthog-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.