Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@bluwy/giget-core
Advanced tools
A JavaScript API to download a template from a git repository or URL. The code is largely based on giget (and includes its license), but with the below main differences:
GIGET_
special environment variables support.The API is heavily documented in ./src/index.d.ts. Below shows some examples of using them:
downloadTemplate
Download a template with a given input string.
import { downloadTemplate } from '@bluwy/giget-core'
// Basic usage. Download from github repo.
const result = await downloadTemplate('unjs/template')
// info: { ... } - The template information parsed by providers
// dir: '...' - The directory where the template is downloaded to
// source: '...' - The source URL of the template (Prefix like `gh:` is stripped)
// Other input syntaxes
await downloadTemplate('unjs/template/subdir')
await downloadTemplate('unjs/template#main')
await downloadTemplate('gh:unjs/template')
await downloadTemplate('gitlab:unjs/template')
await downloadTemplate('bitbucket:unjs/template')
await downloadTemplate(
'https://api.github.com/repos/unjs/template/tarball/main',
)
// Download to a specific directory (relative to cwd)
await downloadTemplate('unjs/template', { dir: 'my-project' })
// Download to a directory even if it has existing content
// (merges directories and replaces matching files)
await downloadTemplate('unjs/template', { force: true })
// Clean directory before downloading to it
await downloadTemplate('unjs/template', { force: 'clean' })
// Use offline cache only
await downloadTemplate('unjs/template', { offline: true })
// Use offline cache if available, otherwise download
await downloadTemplate('unjs/template', { offline: 'prefer' })
// Specify provider explicitly (if input has a provider prefix, it'll
// take precedence instead)
await downloadTemplate('unjs/template', { provider: 'gitlab' })
// Pass authentication token to access private repositories
// (handled by providers to pass as headers when downloading the tarball)
await downloadTemplate('unjs/template', { providerOptions: { auth: 'xxx' } })
verifyTemplate
Check whether the template is valid. Requires network access.
import { verifyTemplate } from '@bluwy/giget-core'
await verifyTemplate('unjs/template') // true
await verifyTemplate('unjs/template/subdir') // true
await verifyTemplate('unjs/template#main') // true
await verifyTemplate('gh:unjs/template') // true
await verifyTemplate('gitlab:unjs/template') // true
await verifyTemplate('bitbucket:unjs/template') // true
await verifyTemplate('https://api.github.com/repos/unjs/template/tarball/main') // true
await verifyTemplate('unjs/non-existent-repo') // false
await verifyTemplate('unjs/template/not-existent-subdir') // false
await verifyTemplate('unjs/template#not-existent-branch') // false
parseGitURI
Parse an input (e.g. 'owner/repo/templates/foo#main'
) into a GitInfo
object. Useful for custom providers that need to parse the given input.
import { parseGitURI } from '@bluwy/giget-core'
parseGitURI('owner/repo') // { repo: 'owner/repo', subdir: '/' }
parseGitURI('owner/repo/subdir') // { repo: 'owner/repo', subdir: '/subdir' }
parseGitURI('owner/repo#main') // { repo: 'owner/repo', subdir: '/', ref: 'main' }
parseGitURI('owner/repo/subdir#main') // { repo: 'owner/repo', subdir: '/subdir', ref: 'main' }
giget
exports a downloadTemplate
programmatic API as well. For most basic usecases, there's no significant difference and should be a drop-in replacement. However, there's certain features that work differently:
forceClean
option is merged as force: 'clean'
.preferOffline
option is merged as offline: 'prefer'
.registry
option is removed. You can no longer download templates hosted from giget. Pass the direct tarball URL or git repo instead.install
and silent
options used for installing dependencies is removed. You should manually install the dependencies yourself. Previously giget
used nypm under the hood.auth
option is moved to providerOptions.auth
.TemplateProvider
and TemplateInfo
interfaces used by the providers
option is slightly changed.
TemplateProvider
: The function must return a TemplateInfo
instead of null. If it fails to handle something, it should try a helpful error.TemplateInfo
: It no longer allows returning arbitrary keys in the object.TemplateInfo
on the info
property instead of spreading on the returned object.GIGET_
environment variables support are removed. They should be passed as explicit options instead.As mentioned above, this project is based heavily on giget! Thanks @pi0 for the original work and battle-testing it.
In the future, I hope the code here can be merged back to giget
, perhaps as a giget-core
library, and have the giget
CLI as a wrapper library.
MIT
FAQs
Download template from a git repo or tarball URL
The npm package @bluwy/giget-core receives a total of 6,300 weekly downloads. As such, @bluwy/giget-core popularity was classified as popular.
We found that @bluwy/giget-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.