
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
@condenast/flyway-schema-validator
Advanced tools
Does what it says on the tin.
See https://condenast.github.io/flyway-api-docs/.
To use as a node.js module, make sure you're in your project source and run:
npm i --save @condenast/flyway-schema-validator
To use as a command line module, install globally with the following command:
npm i -g @condenast/flyway-schema-validator
const validator = require('@condenast/flyway-schema-validator');
const isValid = validator(someFlywayAPIObject);
try {
// invalid
const invalidThrows = validator({ invalid: true });
} catch (err) {
// error describes the validation issues.
}
*nix Piping:
cat someObj.json | flyway-schema-validator
Reading from a file directly:
flyway-schema-validator -f ./someObj.json
To publish updates, you must bump the version number using npm version major|minor|patch
, and push the generated commit and tag to github.
CI will detect a new tag push and automatically build and publish it.
Generally the workflow after merging a PR should be
git checkout master
git pull
npm version patch|minor|major|v11.x.x # <--- this also generates a git commit and tags it based on the new version
git push origin master # push that commit to master
git push origin --tags
CI will now pickup and build your changes.
NOTE: we use a new branch that tracks origin master so if you have accidentally commited to master locally, that doesn't get published without any PR. If you're confident that your master matches origin EXACTLY feel free to do this on your local master branch.
MIT.
FAQs
A joi schema validator for flyways types
The npm package @condenast/flyway-schema-validator receives a total of 100 weekly downloads. As such, @condenast/flyway-schema-validator popularity was classified as not popular.
We found that @condenast/flyway-schema-validator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 451 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.