@buildo/hophop
A minimal tool to accelerate the GitHub workflow from the command line.
npm install -g @buildo/hophop with a non-ancient version of npm
hophop gh setup to set the GitHub API access token
hophop in the terminal
hophop requires Git version 2.22.0 or higher to work correctly.
hophop gh feature to create a local branch referencing an open issue

    hophop gh feature     # if you don't know the issue number
    hophop gh feature 123 # if you already know the issue number

hophop gh pr to push the current feature branch and, if needed, open a Pull Request. The name of the pull request will cause GitHub to auto-close the issue when the PR is merged.

    hophop gh pr        # to open pull request on master
    hophop gh pr --base # to open pull request on a different branch (hophop will ask you to select a branch)

hophop gh commit to create a commit that closes an open issue.
hophop gh open to open in Chrome the PR associated with the current branch.
Add an optional .hophoprc file in your project root folder in order to set default answers to the hophop gh feature task questions.
Config:

    type Option = 'ask' | 'no' | 'n' | 'nope' | 'yes' | 'y' | 'yep' | 'si' | 'of course' | 'youbetcha';
    type Config = {
      apiUrl?: string; // default: 'https://api.github.com'
      branchSuffix?: Option; // default: 'ask'
      moveToWIP?: Option; // default: 'y'
      openPRWithTestPlanTemplate?: Option; // default: 'y'
      closeIssueWithPR?: Option; // default: 'y'
      openPRAsDraft?: Option; // default: 'n'
      kaiten?: { // default: undefined
        boardId: number;
        backlogColumnId: number;
      };
    };

    branchSuffix: y

hophop supports using Kaiten for issue tracking. To enable Kaiten add the kaiten section in .hophoprc, for example:

    kaiten:
      - boardId: 123123
        backlogColumnId: 123123

You can configure as many combinations of boardId/backlogColumnId as you want:

    kaiten:
      - boardId: 123123
        backlogColumnId: 123123
      - boardId: 456456
        backlogColumnId: 456456

You can retrieve board and column ids in the Kaiten UI by using the "copy link" functionality and getting the id from the resulting URL.
Once Kaiten is configured, all hophop commands will automatically use it instead of GitHub.
Note that, in this case, the command hophop gh feature will also push the newly created local branch to the remote repository in order to move the issue's card from Backlog to WIP.
After installing the package, an autocompletion file is available at NPM_PREFIX/lib/node_modules/@buildo/hophop/_hophop, where NPM_PREFIX is usually /usr/local and it can be retrieved using npm prefix -g
If you use oh-my-zsh, installing the autocompletion is as easy as:

    mkdir -p ~/.oh-my-zsh/custom/plugins/hophop
    ln -s `(npm prefix -g)`/lib/node_modules/@buildo/hophop/bin/_hophop ~/.oh-my-zsh/custom/plugins/hophop/_hophop
    touch ~/.oh-my-zsh/custom/plugins/hophop/hophop.plugin.zsh

Then enable the plugin in your .zshrc, for example:

    plugins=(git brew hophop)

FAQs
Unknown package
We found that @buildo/hophop demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.