@clarle/grunt-yui-contrib
Various Grunt tasks used within the YUI Project.
>>
>> Showing YUI specific help commands
>>
build Build the entire library (and npm package) locally with yogi
release Build a release (dist, cdn and npm)
build-test Build and test the entire library
test Test the library with yogi
test-cli Test the library via CLI with yogi
travis Perform a travis test (uses enviroment vars to determine tests)
help Show this stuffs
>> Options:
--release-version=<VERSION> Pass to set the version of the release (optional, will read from package.json)
--release-build=<BUILD> Pass to set the build number of the release, if not passed the git sha will be used.
--cache-build Cache the shifter build.
>> Env Vars:
GRUNT_SKIP_BUILD=1 Skip the `build` step (used if you need to `npm i` more than once.
GRUNT_SKIP_PREBUILD=1 Will skip release prebuild (don't build into ./build, only build into ./release)
FAQs
YUI Build Tasks
The npm package @clarle/grunt-yui-contrib receives a total of 2 weekly downloads. As such, @clarle/grunt-yui-contrib popularity was classified as not popular.
We found that @clarle/grunt-yui-contrib demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.