Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@ckeditor/ckeditor5-integrations-common
Advanced tools
This package implements common utility modules for integration projects.
Official CKEditor 5 common integration utils. This package contains a set of utilities that are shared between CKEditor 5 framework integrations such like:
The prime example of such shared utility might be the CKEditor 5 Cloud integration loader that is used by all integrations to dynamically load the editor from the CDN.
It's highly recommended to not use this package directly in your application because it's intended to be used by through the integrations listed above. However, if you need to use it directly (because you are using framework that is not supported by the integrations), you can use it as a standalone package, but keep in mind that the API is designed to be used by the integrations and might not be user-friendly.
After cloning this repository, install the necessary dependencies:
npm install
You can also use Yarn.
You can start the development server using the command below:
npm run dev
To test the editor integration against a set of automated tests, run the following command:
npm run test
If you want to run the tests in watch mode, use the following command:
npm run test:watch
To build the package that is ready to publish, use the following command:
npm run build
CircleCI automates the release process and can release both channels: stable (X.Y.Z
) and pre-releases (X.Y.Z-alpha.X
, etc.).
Before you start, you need to prepare the changelog entries.
#master
branch is up-to-date: git fetch && git checkout master && git pull
.git checkout -b release-[YYYYMMDD]
where YYYYMMDD
is the current day.yarn run changelog --branch release-[YYYYMMDD] [--from [GIT_TAG]]
.
By default, the changelog generator uses the latest published tag as a starting point for collecting commits to process.
The --from
modifier option allows overriding the default behavior. It is required when preparing the changelog entries for the next stable release while the previous one was marked as a prerelease, e.g., @alpha
.
Example: Let's assume that the v40.5.0-alpha.0
tag is our latest and that we want to release it on a stable channel. The --from
modifier should be equal to --from v40.4.0
.
This task checks what changed in each package and bumps the version accordingly. It won't create a new changelog entry if nothing changes at all. If changes were irrelevant (e.g., only dependencies), it would make an "internal changes" entry.
Scan the logs printed by the tool to search for errors (incorrect changelog entries). Incorrect entries (e.g., ones without the type) should be addressed. You may need to create entries for them manually. This is done directly in CHANGELOG.md (in the root directory). Make sure to verify the proposed version after you modify the changelog.
#master
branch.@ckeditor/ckeditor-5-devops
team to review the pull request and trigger the release process.Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md file.
FAQs
This package implements common utility modules for integration projects.
The npm package @ckeditor/ckeditor5-integrations-common receives a total of 55,410 weekly downloads. As such, @ckeditor/ckeditor5-integrations-common popularity was classified as popular.
We found that @ckeditor/ckeditor5-integrations-common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.