Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@changesets/pre
Advanced tools
@changesets/pre is a tool designed to help manage pre-releases in a monorepo setup. It allows you to create, manage, and publish pre-releases of your packages, making it easier to test and iterate on changes before making a stable release.
Enter Pre Mode
This command puts your repository into 'pre' mode, where all subsequent changesets will be treated as pre-releases. The 'beta' argument specifies the pre-release tag.
npx changeset pre enter beta
Exit Pre Mode
This command exits 'pre' mode, returning your repository to normal release behavior. Any subsequent changesets will be treated as stable releases.
npx changeset pre exit
Create a Changeset
This command creates a new changeset, which is a record of changes that will be included in the next release. In 'pre' mode, these changes will be part of the pre-release.
npx changeset add
Publish Pre-Release
This command publishes the pre-release packages to the npm registry. It ensures that the pre-release versions are correctly tagged and available for testing.
npx changeset publish
Lerna is a tool for managing JavaScript projects with multiple packages. It offers similar functionalities for managing pre-releases, but it is more focused on monorepo management as a whole, including bootstrapping, linking, and versioning.
semantic-release automates the versioning and package publishing process based on the commit messages. It supports pre-releases through configuration and plugins, offering a more automated approach compared to @changesets/pre.
standard-version is a tool for versioning and changelog generation based on conventional commits. It supports pre-releases through command-line options, providing a simpler alternative to @changesets/pre.
Enter and exit pre mode in a Changesets repo.
import { enterPre, exitPre } from "@changesets/pre";
await enterPre(cwd, tag);
let preState = await readPreState(cwd);
// version packages with @changesets/cli or get a release plan and apply it
await exitPre(cwd);
This package is used by internally by Changesets to enter and exit pre mode along with reading the pre state for the publish
and version
commands, you should only need it if you're using @changesets/assemble-release-plan
, implementing Changesets or want to enter or exit pre mode programmatically.
import { PreState } from "@changesets/types";
export function enterPre(cwd: string, tag: string): Promise<void>;
export function exitPre(cwd: string): Promise<void>;
export function readPreState(cwd: string): Promise<PreState>;
FAQs
Utils to make a Changesets repo enter and exit pre mode
The npm package @changesets/pre receives a total of 1,220,705 weekly downloads. As such, @changesets/pre popularity was classified as popular.
We found that @changesets/pre demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.