Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@easypost/build
Advanced tools
Tools for generating webpack config to build easypost projects like @easypost/api.
npm install --save @easypost/node-build
This package is meant to build @easypost packages only, and will not accept public issues unless relating to packages under the @easypost NPM namespace.
"build": "ep-node-build"
to your npm scripts"watch": "ep-node-build --watch"
to your npm scripts too"lint": "ep-node-build lint"
to your npm scripts for maximum points. You can run it with
--fix
too.Run npm run build
or npm run watch
respectively.
This will automatically load and merge any ${CWD}/webpack.config.js
you happen to be using.
If you need further customization, create a node-build.js
file, which exports a function that
takes webpack config and returns webpack config (see ./examples/node-build.js
for a template.)
mini-css-extract-plugin
to fix a high severity "Regular Expression Denial of Service" vulnerabilitycss-loader
, file-loader
, and postcss-loader
deps to resolve vulnerabilitiescopy-webpack-plugin
usageMIT Licensed. See LICENSE file for details. Copyright (c) 2019 Easypost (Simpler Postage, Inc).
FAQs
build tools for easypost frontends
The npm package @easypost/build receives a total of 3 weekly downloads. As such, @easypost/build popularity was classified as not popular.
We found that @easypost/build demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.