Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@culturehq/scripts
Advanced tools
A collection of scripts for JavaScript and TypeScript development
CultureHQ's CLI toolbox for JavaScript projects.
You install this module as a dev dependency in your package, as in:
yarn add --dev @culturehq/scripts
From there you can invoke any of the scripts listed in src/scripts
by running chq-scripts [script]
. You can add these to your package.json
by adding to the scripts
key, as in:
{
"scripts": {
"lint": "chq-scripts lint",
"test": "chq-scripts test"
}
}
The scripts themselves are listed below:
lint
Runs eslint
with the @culturehq/eslint-config
base configuration.
If you want to override the configuration, you can do all of the normal eslint
config patterns of either creating a .eslintrc
file, a .eslintrc.js
file, putting a eslintConfig
prop in your package.json
, or passing the --config
flag on the command line.
To make sure you're extending the config for this project, make sure you add extends: ["@culturehq"]
to your config. If there are conflicts with your version of eslint
, it's possible this config will be nested under the @culturehq/scripts
directory, in which case you would need to add extends: ["./node_modules/@culturehq/scripts/node_modules/@culturehq/eslint-config"]
to your config.
test
Runs jest
with a pre-built configuration from src/config/jestConfig.js
.
If you need to do something special at the beginning of the tests, chq-scripts
supports adding a setupTests.js
file at the root of the repository which will be automatically run before jest
starts.
Ensure you have node
and yarn
installed on your system. Then run yarn
in the root of the repository to install the dependencies. Tests are run with yarn test
and linting is run with yarn lint
.
Bug reports and pull requests are welcome on GitHub at https://github.com/CultureHQ/scripts.
The code is available as open source under the terms of the MIT License.
FAQs
A collection of scripts for JavaScript and TypeScript development
We found that @culturehq/scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.