![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@auto-canary/cocoapods
Advanced tools
Readme
Use auto
to version your CocoaPod, and push to your specs repository!
This plugin is not included with the auto
CLI installed via NPM. To install:
npm i --save-dev @auto-it/cocoapods
# or
yarn add -D @auto-it/cocoapods
WARNING: You can only use one "package manager" at a time! Mixing them will lead to undesired results.
{
"plugins": [
[
"cocoapods",
{
// Required, the relative path to your podspec file
"podspecPath": "./Test.podspec",
// Optional, the specs repo to push to
"specsRepo": "https://github.com/intuit/TestSpecs.git",
// Optional, flags to pass to the `pod repo push` command
"flags": ["--sources=https://github.com/SpecRepo.git"],
// Optional, specify a different executable for `pod`
"podCommand": "bundle exec pod"
}
]
// other plugins
]
}
Or with multiple podspecs:
{
"plugins": [
[
"cocoapods",
{
// Required, the relative path to your podspec file
"podspecPath": ["./Test.podspec", "./Test2.podspec"],
// Optional, the specs repo to push to
"specsRepo": "https://github.com/intuit/TestSpecs.git",
// Optional, flags to pass to the `pod repo push` command
"flags": ["--sources=https://github.com/SpecRepo.git"],
// Optional, specify a different executable for `pod`
"podCommand": "bundle exec pod"
}
]
// other plugins
]
}
pod
CLI installed already, or podCommand
specified in your plugin configuration.podspec
file must pass pod lib lint
in order for publishing to a Specs repository to work.
auto -v
, auto -vv
, auto -q
) will also add the verbose or silent flags to the CocoaPod commands.If a specsRepo
is not provided in the plugin options, this plugin will push to the CocoaPods trunk repository. This requires that the machine running this has followed the steps for pushing to trunk, the guide for that can be found here.
If specsRepo
is provided in the configuration, this plugin will add that repo under a temporary name, push to it, and remove the repo from the CocoaPods installation on the machine. The machine that is running the plugin must have the appropriate git credentials to push to that repository.
When pushing to a private Specs repo, this plugin will temporarily create a repository with the name autoPublishRepo
using pod repo add
, and will remove it when the release has completed.
FAQs
Unknown package
The npm package @auto-canary/cocoapods receives a total of 10 weekly downloads. As such, @auto-canary/cocoapods popularity was classified as not popular.
We found that @auto-canary/cocoapods demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.