
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@circle.so/spaces
Advanced tools
Create an API token here: `https://circle.example.com/settings/api/new`
Create an API token here:
https://circle.example.com/settings/api/new
$ npm install --save @circle.so/posts
$ npm install --save @circle.so/spaces
$ npm install --save-dev @circle.so/types
See spaces/spaces.test.ts
, posts/posts.test.ts
, and @circle.so/types
for
more options.
import { Spaces } from '@circle.so/spaces'
// Pass your API key to the constructor
const api = new Spaces({ api_key: process.env.CIRCLE_API_KEY })
const space = await api.add({ community_id: 1, name: "New space" })
console.log(space.name)
// "New space"
Uses patterns for a typescript monorepo found here: https://blog.frankdejonge.nl/setting-up-a-typescript-mono-repo-for-scoped-packages/
$ npm install --dev
$ cp env.sample .env
# Update .env with a Circle API key.
$ source .env
$ npm run tests
Following this pattern: https://www.yieldcode.blog/post/npm-workspaces/ https://stackoverflow.com/questions/72055371/npm-workspaces-typescript-unable-to-find-local-modules
$ npm init --workspace packages/types --scope @circle.so -y
$ ls -la node_modules/@circle.so/
$ npm install @circle.so/types --workspace ./packages/spaces
$ cat packages/spaces/package.json | grep -C1 circle
$ npm ls
$ npm run build -ws
$ npm version patch -ws --verbose
# git commit and push
$ npm publish --access public -ws --verbose
npm run build
creates artefacts in package/*/src
files that prevent
interim package builds to not run which causes confusion.types
package first
npm run build:types
./src
and run the build script. We should fix this.paths
and exclude
in tsconfig.json
at the root level
we had all sorts of errors with resolving packages.FAQs
Create an API token here: `https://circle.example.com/settings/api/new`
We found that @circle.so/spaces demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.