Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@backpackjs/build
Advanced tools
backpackjs transform
spec (v2)Transforms are functions that take product and collection data sourced earlier in the backpack build process and allow implementers to alter or augment that data before it's passed on to the storefront and used to create and render product and collection pages. In addition, blog, article, and page content data is accessable as read-only data.
Implementers declare which transforms should run in the backpack.config.json
file under the transforms
key as an array of identifiers. Transforms are run in the order they are declared in the config.
Declarations can take one of two forms:
If included, options are passed to the transform function. An identifier can be one of the following:
@backpackjs/transform-shopify
./transforms/shopify.js
The location the identifier points to must export a function that receives an object as an argument and returns an object containing the product and collection data modified by the transform function.
module.exports = (input: Object) => {
return void || { products: Object[], collections: Object[] }
}
If you would like to persist your changes to product and collection data between transforms, the updated data should be returned in an object with the array fo transformed product data under the products
key and the array of transformed collection
data under the collections key. Returning data is optional, keys returned outside of products
and collections
will be ignored
Note: It is also permitted to return nothing, in which case the product and collection data that was passed into the transforme with be implicitly returned. Usually, this would be done in a situation where you need to run some kind of side-effect or produce an artifact using updated product and collection data (e.g. products-feed with augmented data), but don't update any data.
The transform function is passed a single inputs object argument:
input
: Object
products
: Object[]
collections
: Object[]
blogs
: Object[]
articles
: Object[]
pages
: Object[]
context
: Object
Listr2
build context objectoptions
: Object
backpack.config.json
log
: Object
info
, error
and message
methods used for logginglog.info('this is a normal log');
log.error('this appears under the "Errors" heading');
log.message('this appears under the "Warning" heading')
clients
: Object
FAQs
## `backpackjs transform` spec (v2)
We found that @backpackjs/build demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.