
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@cubetool/cli
Advanced tools
开发者工具 CLI 命令接口
npm install @cubetool/cli -g
注意:如果之前装过旧版 cube 开发者工具,需要手动先卸载,卸载参考命令:sudo npm uninstall @hao360/cubetool -g
与旧版不同,v2 版的开发者工具基础功能只包括简单的编译功能,其他功能都交由插件实现,这样能方便不同的使用场景下自行拓展功能。
在官方 cli 工具下提供了 doctor 子命令用来初始化和工具异常损坏下的修复尝试,初次安装完可以使用以下命令进行工具初始化:
cubetool doctor
cubetool --help 打印帮助信息,同时可在任意子命令下使用。cubetool --debug debug 模式,将在控制台打印日志。cubetool --npm-registry 设置开发者工具内部 npm registry,在安装插件等子命令时比较有用。插件管理相关功能。
cubetool plugin list 打印已安装插件。cubetool plugin install 安装插件。cubetool plugin uninstall 卸载插件。开发者工具功能检测。
cubetool doctor 默认打印系统相关信息、系统插件检测、版本检测功能。cubetool doctor info 仅打印系统相关信息。cubetool doctor version 开发者工具和已安装插件版本检测。cubetool doctor sysplugins 检测核心系统插件,如缺失将自动安装相应插件。版本检测
cubetool check beta 检查 beta tag 下版本。可通过插件的方式拓展 cubetool 支持的命令,只需在插件模块下配置 clis 对象即可,具体参考开发文档。
FAQs
开发者工具 CLI 命令接口
The npm package @cubetool/cli receives a total of 12 weekly downloads. As such, @cubetool/cli popularity was classified as not popular.
We found that @cubetool/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.