
Security News
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.
@coboxcoop/replicator
Advanced tools
CoBox is an encrypted p2p file system and distributed back-up tool. README provides a map of the project.
replicator provides a base class for replication. Initialises keys with validations, sets up storage paths, initialises feeds and enables replication.
These are all common functions for any space class, so we can inherit from the replicator class to extend functionality, such as for space, or admin space, which initialize additional but different logs.
npm i -g @coboxcoop/replicator
const Replicator = require('@coboxcoop/replicator')
// you can either create a replicator instance (see tests), or inherit to add further functionality, e.g.
class MyReplicatorClass {
constructor (storage, address, identity, opts) {
super(storage, address, identity, opts)
// initFeeds must be called to initialize multifeed and storage correctly
this._initFeeds({})
}
}
See swagger documentation... (we won't have this for a while).
PRs accepted.
Small note: If editing the README, please conform to the standard-readme specification.
FAQs
base class for replication using multifeed
The npm package @coboxcoop/replicator receives a total of 9 weekly downloads. As such, @coboxcoop/replicator popularity was classified as not popular.
We found that @coboxcoop/replicator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.

Product
Socket is now scanning AI agent skills across multiple languages and ecosystems, detecting malicious behavior before developers install, starting with skills.sh's 60,000+ skills.

Product
Socket now supports PHP with full Composer and Packagist integration, enabling developers to search packages, generate SBOMs, and protect their PHP dependencies from supply chain threats.