Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@blitzjs/generator
[![Blitz.js](https://raw.githubusercontent.com/blitz-js/art/master/github-cover-photo.png)](https://blitzjs.com)
Generator
This package houses all files related to Blitz codegen. In the main `src` directory you'll find the base `generator` class and a directory of `generators` that extend it. The subclasses aren't terribly interesting, most of the fun happens in the abstract parent class. Each generator may (depending on whether it's a net new addition or modifying existing files) have a corresponding template defined in the `templates` directory.
Creating a new generator requires a new `Generator` subclass inside of `src/generators`, and potentially a new template in `templates` if the generator generates net-new files. For templates, we use our own templating language. Each variable in a template surrounded by `__` (e.g. `__modelName__`) will be replaced with the corresponding value in the object returned from `Generator::getTemplateValues`. This type of replacement works in filenames as well.
The generator framework also supports conditional code generation, similar to other common templating languages like handlebars. All model variables are exposed via `process.env` and can be used in conditional statements. The generator will not evaluate any expressions in the conditional, so the condition must be evaluated in the generator class and passed as a variable to the template. Both `if else` and ternary statements are supported, and for `if` statements no `else` is required:
```js
// VALID
if (process.env.someCondition) {
  console.log("condition was true")
}

// VALID
if (process.env.someCondition) {
  console.log("condition was true")
} else {
  console.log("condition was false")
}

// VALID
const action = process.env.someCondition
  ? () => console.log("condition was true")
  : () => console.log("condition was false")

// **NOT** VALID
// This will compile fine, but will not produce the expected results.
// The template argument `someValue` will be evaluated for truthiness
// and the conditional will be evaluated based on that, regardless of
// the rest of the expression
if (process.env.someValue === "some test") {
  console.log("dynamic condition")
}
```
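The two template rules above (placeholder replacement and truthiness-only conditionals), as an added example that is not code from the Blitz project. It is a simplified model of the described behaviour; the function names, the `isSomeTest` flag and the sample input are assumptions made for illustration.

```javascript
// Simplified model of the template rules described above. It is not the
// Blitz implementation; every function name here is hypothetical.

// Replace each __name__ placeholder with its template value. Works for file
// contents and for filenames. Unknown names are left as-is so typos stay visible.
function replacePlaceholders(text, values) {
  return text.replace(/__([A-Za-z][A-Za-z0-9]*)__/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(values, name) ? String(values[name]) : match
  )
}

// Model of how a conditional's test is resolved: only the truthiness of the
// referenced template value counts; operators and literals are ignored.
function resolveTest(testSource, values) {
  const ref = /process\.env\.([A-Za-z_$][\w$]*)/.exec(testSource)
  if (!ref) throw new Error(`no template variable in: ${testSource}`)
  return Boolean(values[ref[1]])
}

// Stand-in for Generator::getTemplateValues: do the comparison here and
// expose the result as its own boolean flag (isSomeTest is an assumed name).
function getTemplateValues(input) {
  return {
    modelName: input.modelName,
    someValue: input.someValue,
    isSomeTest: input.someValue === "some test",
  }
}

// Constructed sample input.
const values = getTemplateValues({ modelName: "Project", someValue: "other" })

console.log(replacePlaceholders("__modelName__Form.tsx", values))
console.log(replacePlaceholders("export const __modelName__Form = () => null", values))
// The comparison is false in plain JavaScript, but the template keeps the branch.
console.log(resolveTest('process.env.someValue === "some test"', values))
// The precomputed flag gives the intended result.
console.log(resolveTest("process.env.isSomeTest", values))
```

In a template, the branch would then be written as `if (process.env.isSomeTest) { ... }` rather than as a comparison.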
FAQs
The npm package @blitzjs/generator receives a total of 1,774 weekly downloads. As such, @blitzjs/generator popularity was classified as popular.
We found that @blitzjs/generator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.