Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@code-dot-org/craft
Advanced tools
Top-down 2D game engine for the Craft app type. See NOTICE for restrictions on use.
Note: proprietary materials fall under different rules, per the LICENSE.
You will need to first install Node.js
Check this project out from source:
git clone git@github.com:code-dot-org/craft.git
cd craft
Next, inside the project, you need to install the project's various NPM dependencies:
npm install
And you should now be ready to spin up a development build of your new project:
npm run dev
A browser should open with a Minecraft Hour of Code test page displayed:
All of the files required to run the game live in the src
folder, including any javascript, images, HTML (ejs templated), and CSS. When the default npm build
task is invoked, these files are compiled to a dist
directory.
Files in the dist
directory will always be generated and excluded from Git by the .gitignore
, as such these will removed without warning and should generally not be edited.
src
directory to avoid unnecessary copying during dev builds.npm run
Display a list of all scripts that can be run with NPM. Notable options include:
npm run build
npm run dev
Configures and runs an un-minified development build optimised for fast watch performance with source maps and live reload. Opens browser window pointing to a test page on first build.
npm run lint
npm run test:unit
The project comes with an unminified version of Phaser with arcade physics, this can be replaced if you require updates or one of the alternate physics engines.
You can install new npm-compatible libraries with:
npm install --save my-package-name
Then require it in your code with e.g. import MyCoolTimesavingLibrary from 'My-Cool-Timesaving-Library'
.
Some interesting npm libraries: list of browserify-friendly game modules, @substack's npm repositories.
Raw vendor packages can be added to src/test-build-only
and added directly to src/index.html.ejs
.
If adding new libraries that aren't CommonJS compatible, you'll have to additionally update the Browserify shim configuration in our package.json
.
We will try to follow the Airbnb ES6 styleguide.
Boilerplate based on the Phaser.js grunt/browserify boilerplate, which was based on 1 and 2.
FAQs
Top-down 2D game engine for the Craft app type. See NOTICE for restrictions on use.
We found that @code-dot-org/craft demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.