
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@cubetool/base
Advanced tools
cubetool 开发者工具核心模块,可集成到各应用场景进行 cube 项目开发管理。
import cubeTool from '@cubetool/base';
const myCubeTool = cubeTool('myapp/v1', {
logPath: '/var/log/cubetool',
});
const {ENV, log, config, plugin, Project} = myCubeTool;
const cubeProject = new Project(process.cwd());
cubeTool(name, options)| key | type | desc | defaul |
|---|---|---|---|
| spath | string | 项目配置目录 | $HOME/.cubetool |
| pluginsPath | string | 插件安装目录 | $HOME/.cubetool/plugins |
| logLevel | string | log 目录 | $HOME/.cubetool/plugins |
| logPrint | bool | 是否打印日志 | false |
| logLevel | string | 日志记录级别 | 'warn' |
日志级别支持:debug、info、notice、warn、error
| object | desc |
|---|---|
| ENV | 运行环境常量 |
| log | log 对象,使用参考 npmlog |
| config | 配置对象 |
| plugin | 插件实例 |
| Project | 项目类 |
具体信息请参考开发文档
utils{}为方便开发,提供的工具函数集,可使用如下方法引入:
import {utils} from '@cubetool/base';
utils.exec(command, options = {}, argvs = [])执行命令。返回 child_process,并且添加promise()方法,如:
let execProcess = utils.exec('ls', { cwd: '/home' }, ['-la']);
let { stdout, stderr } = await execProcess.promise();
utils.request(url, options={})发起网络请求。
utils.mkdir(path)创建目录,如果父目录不存在将递归创建父级目录。
utils.touchFile(path, content = '')如果文件不存在则使用指定 content 内容在 path 下创建文件。
utils.uniqId(len = 10)使用指定 len 长度生成随机字符串 id。
utils.getPackageData(path)获取指定路径模块信息。
utils.getResolveModulePath(path)根据指定位置往上查找最近的 node_modules 文件夹。
utils.loglog 对象,使用参考 npmlog
utils.conf(opts)返回 conf 实例,使用参考 conf 。
utils.npmnpm 操作,cubetool 底层的插件等功能使用该模块实现。
npm.setRegistry(registry) 设置全局registry
npm.install(name, options, argvs) 安装模块
npm.uninstall(name, options, argvs) 卸载模块
npm.update(name, options, argvs) 更新模块
install、uninstall、update 方法底层调用 utils.exec() 方法,其参数:
请参考插件开发文档。
FAQs
The npm package @cubetool/base receives a total of 176 weekly downloads. As such, @cubetool/base popularity was classified as not popular.
We found that @cubetool/base demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.