@blitzjs/generator
[![Blitz.js](https://raw.githubusercontent.com/blitz-js/art/master/github-cover-photo.png)](https://blitzjs.com)
Generator
This package houses all files related to Blitz codegen. In the main `src` directory you'll find the base generator class and a directory of generators that extend it. The subclasses aren't terribly interesting; most of the fun happens in the abstract parent class. Each generator may (depending on whether it's a net new addition or modifying existing files) have a corresponding template defined in the `templates` directory.
Creating a new generator requires a new `Generator` subclass inside of `src/generators`, and potentially a new template in `templates` if the generator generates net-new files. For templates, we use our own templating language. Each variable in a template surrounded by `__` (e.g. `__modelName__`) will be replaced with the corresponding value in the object returned from `Generator::getTemplateValues`. This type of replacement works in filenames as well.
The generator framework also supports conditional code generation, similar to other common templating languages like Handlebars. All model variables are exposed via `process.env` and can be used in conditional statements. The generator will not evaluate any expressions in the conditional, so the condition must be evaluated in the generator class and passed as a variable to the template. Both `if else` and ternary statements are supported, and for `if` statements no `else` is required:
```js
// VALID
if (process.env.someCondition) {
  console.log("condition was true")
}

// VALID
if (process.env.someCondition) {
  console.log("condition was true")
} else {
  console.log("condition was false")
}

// VALID
const action = process.env.someCondition
  ? () => console.log("condition was true")
  : () => console.log("condition was false")

// **NOT** VALID
// This will compile fine, but will not produce the expected results.
// The template argument `someValue` will be evaluated for truthiness
// and the conditional will be evaluated based on that, regardless of
// the rest of the expression
if (process.env.someValue === "some test") {
  console.log("dynamic condition")
}
```
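The two template rules described above, as a simplified model. This is an added example, not Blitz's implementation: the function names `replaceTokens`, `decideCondition` and `isBareCondition` and the sample values are hypothetical.

```javascript
// Simplified model of the README's template rules; not Blitz's implementation.
// All function names and sample values below are hypothetical.

// Rule 1: each __name__ token is replaced with the matching template value.
// The same replacement is applied to file names. Unknown tokens throw, so a
// stray placeholder never reaches generated code unnoticed.
function replaceTokens(text, values) {
  return text.replace(/__([A-Za-z][A-Za-z0-9]*)__/g, (token, name) => {
    if (!Object.prototype.hasOwnProperty.call(values, name)) {
      throw new Error(`no template value for ${token}`)
    }
    return String(values[name])
  })
}

// Rule 2: a condition is decided only by the truthiness of the process.env
// variable it references; the rest of the expression is never evaluated.
function decideCondition(conditionSource, values) {
  const ref = /process\.env\.([A-Za-z_$][\w$]*)/.exec(conditionSource)
  if (!ref) throw new Error("condition does not reference process.env")
  return Boolean(values[ref[1]])
}

// Template lint: accept only a bare process.env reference, the one form the
// README marks as valid. Conservative by design.
function isBareCondition(conditionSource) {
  return /^\s*process\.env\.[A-Za-z_$][\w$]*\s*$/.test(conditionSource)
}

// Constructed sample: the comparison is computed in the generator and passed
// to the template as a boolean, as the README requires.
const someValue = "something else"
const values = { modelName: "project", someValue, isSomeTest: someValue === "some test" }

const fileName = replaceTokens("__modelName__Form.tsx", values)
const body = replaceTokens("export const __modelName__Schema = {}", values)
const pitfall = decideCondition('process.env.someValue === "some test"', values)
const precomputed = decideCondition("process.env.isSomeTest", values)

console.log(fileName, "|", body)
console.log("dynamic condition taken:", pitfall, "(comparison alone would be false)")
console.log("precomputed flag taken:", precomputed)
console.log("lint:", isBareCondition('process.env.someValue === "some test"'))
```

Running a check like `isBareCondition` over template conditions catches the NOT VALID form before it generates a branch that is always taken.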
FAQs
The npm package @blitzjs/generator receives a total of 3,525 weekly downloads. As such, @blitzjs/generator popularity was classified as popular.
We found that @blitzjs/generator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.