Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@blockstack/clarity-native-bin
Advanced tools
This package installs the system-specific native clarity-cli
binary.
The JS module also provides programmatic access to the binary file path and the installation functions.
An installation script runs automatically when this package is installed via npm install
(or an equivalent package install tool/command). Pre-built dist files are downloaded if the platform & arch is supported, otherwise, it attempts to compile the binary from source.
Force install via source compilation by specifying either the BLOCKSTACK_CORE_SOURCE_TAG
or BLOCKSTACK_CORE_SOURCE_BRANCH
environment variables. The variable must be available during the npm install script. If found then the script will not attempt to download
a pre-compiled distributable. The value must be set to a git tag or branch on the https://github.com/blockstack/blockstack-core
repo.
To move a local copy of the clarity-cli
binary from a different folder on your machine, include the environment variable BLOCKSTACK_CORE_SOURCE_PATH
.
For example, the following commands test a blockstack-core repo feature branch using the clarity-tutorials
package:
git clone git@github.com:blockstack/clarity-js-sdk.git
cd clarity-js-sdk
BLOCKSTACK_CORE_SOURCE_BRANCH="feature/new-thing" npm install
cd packages/clarity-tutorials
npm test
Or, for an already setup local SDK dev environment, trigger an npm install
of this package. Examples:
cd clarity-js-sdk
BLOCKSTACK_CORE_SOURCE_BRANCH="feature/new-thing" npm run rebuild
Or
cd clarity-js-sdk/packages/clarity-native-bin
BLOCKSTACK_CORE_SOURCE_BRANCH="feature/new-thing" npm install
If compiling from source then the Rust toolchain and a C compiler must be available.
FAQs
Library for providing the native Clarity CLI binary
We found that @blockstack/clarity-native-bin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.