Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@dfds-contentful/migration
Advanced tools
This package facilitates working with Contentful migrations. It can infer migrations from content model changes on a Contentful environment and then apply them to other environments (such as staging
or master
) as part of your CI release pipeline. This is a wrapper around Contentful Migration API.
yarn migrate-auto --environment-id=<envId> --id=<typeId>
Compares the JSON from type typeId
on the Contentful environment to the JSON stored in migration/contentTypes
and creates corresponding migration script for the difference. This will work for the case when you
migration/migrations
, and a new or modified file in migration/contentTypes
yarn migrate-manual --id=<typeId>
If the automatic migration is not possible, we use this script to create a dummy migration file which you have to fill in manually, the syntax for migrations is described here.
Remember to update the local JSON in migration/contentTypes
along with the manual migration to reflect the changes to the data model.
yarn migrate-apply --environment-id=<envId>
Applies remaining migrations on a Contentful environment.
Note: A singleton entry of type migrationLog
is stored in the Contentful environment to keep track of what migrations have already been applied on this environment. If the environment doesn't contain a migrationLog, one will be created from scratch.
Note: This script should be part of your CI pipeline
yarn migrate-reorder --environment-id=<envId>
Tests if any of the migrations in the local setup have been applied out of order (relative to the specified environment) and offers to reorder them.
yarn migrate-interfaces --id=<typeId>
Copies editor interfaces from the 'dev' environment to target environment for a specific type. Not needed the first time a type is auto-migrated.
Using npm: npm install @dfds-contentful/migration
Using yarn: yarn add @dfds-contentful/migration
Recommended environment variables
Here is the developer workflow for making changes to Contentful Types:
Developers work on the dev environment, changing content types and creating mock content until the feature is ready to be released to the editors.
Once the feature / content type is ready, it is the developer's responsibility to make sure the changes propagate forward to staging and master environment. Note that the authoritative version of the content types is in the folder migration/contentTypes
If the changes made by the developers are trivial (adding a new type, or adding a new field to an existing type), use migrate-auto
yarn migrate-auto
script takes a diff between the Contentful type typeId
(from the environment specified in envId
) and the contentTypes
folder, and creates a timestamped migration file in the migrations
folder. In the case where automatic change detection is not possible, you would have to run yarn migrate-manual
fill in the migration file yourself.yarn migrate-auto
script also generates migrations for the editor interfaces. Unlike the JSON for the types, the JSON for editor interfaces is not stored together with the code, and will be propagated only once thru staging and master, at which point, master becomes the authoritative truth on editor interfaces.If the changes made by the developer are non-trivial, migration scripts need to be run manually:
The yarn migrate-manual --id=<typeId>
script: creates a file with a timestamped file name and boilerplate content for the type typeId
. For migration API syntax see This Migration CLI docs.
Rename field example (change field Id and then field name):
myType.editField(‘header’).changeFieldId(‘header’, ‘title’).name(‘Title’);
What should be checked into source control:
contentTypes
andmigrations
In order to apply migrations from the migrations
folder to a Contentful environment, the following script is used. This is currently part of the release process, but might be useful for testing purposes:
yarn migrate-apply --space-id=<spaceId> --environment-id=<envId> --management-token=<token>
folder | what it does |
---|---|
contentTypes | contains the authoritative version of the content types for this project |
incomingTypes | temporary folder containing the JSON for the content types downloaded from Contentful, and is used for diffs against the JSON in contentTypes to generate delta migrations, when possible |
migrations | contains migration scripts to be applied on target environments |
FAQs
migration scripts
The npm package @dfds-contentful/migration receives a total of 3 weekly downloads. As such, @dfds-contentful/migration popularity was classified as not popular.
We found that @dfds-contentful/migration demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.