
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
@cypress/github-commit-status-check
Advanced tools
Small utility for setting GitHub commit status based on GH app installation
This utility is meant to be used by GitHub App installations. Thus your environment should have the following 3 pieces of authentication information set as environment variables:
GH_APP_ID
GH_INSTALLATION_ID
GH_PRIVATE_KEY
The GH_PRIVATE_KEY
is the base64-encoded private key. For example, if you copy the contents of the private "pem" file into your clipboard, from the terminal you can execute "pbpaste | base64 | pbcopy" and get the encoded string in the clipboard.
As always, for local use I recommend as-a utility.
Primary use via module API, see src/index.ts
import { setCommitStatus } from '@cypress/github-commit-status-check'
await setCommitStatus({
// bunch of options
})
There is a bin script src/bin/set-commit-status.ts that reads options from command line arguments. For example, if environment variables are stored under block set-status
in your as-a settings, then:
$ as-a set-status npm run set-commit-status -- --repo ...
$ as-a set-status npm run add-commit-comment -- --repo ...
Run with environment variable DEBUG=@cypress/github-commit-status-check
to see more log messages
FAQs
Set GitHub commit status
The npm package @cypress/github-commit-status-check receives a total of 243 weekly downloads. As such, @cypress/github-commit-status-check popularity was classified as not popular.
We found that @cypress/github-commit-status-check demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.