
@codegouvfr/nextra-theme-dsfr
Demo repo - Show me what it looks like
$ yarn add @codegouvfr/nextra-theme-dsfr @codegouvfr/react-dsfr @mui/material @emotion/styled @emotion/react @emotion/server
You have made some changes to the code and you want to test them in your app before submitting a pull request?
cd ~/github
git clone https://github.com/garronej/nextra-dsfr-demo
cd nextra-dsfr-demo
yarn
cd ~/github
git clone https://github.com/codegouvfr/nextra-theme-dsfr
cd nextra-theme-dsfr
yarn
yarn build
yarn link-in-app nextra-dsfr-demo
npx tsc -w
# Open another terminal
cd ~/github/nextra-dsfr-demo
rm -rf node_modules/.cache
yarn dev # Or whatever my-app is using for starting the project
You don't have to use ~/github as reference path. Just make sure nextra-dsfr-demo and nextra-theme-dsfr are in the same directory.
For releasing a new version on GitHub and NPM you don't need to create a tag.
Just update the package.json version number and push.
For publishing a release candidate, update your package.json with 1.3.4-rc.0 (.1, .2, ...).
It also works if you do it from a branch that has an open PR on main.
Make sure you have defined the NPM_TOKEN repository secret or NPM publishing will fail.
FAQs
DSFR theme for Nextra
The npm package @codegouvfr/nextra-theme-dsfr receives a total of 0 weekly downloads. As such, @codegouvfr/nextra-theme-dsfr popularity was classified as not popular.
We found that @codegouvfr/nextra-theme-dsfr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.