Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@embroider/addon-dev
Advanced tools
Utilities for working on v2 addons.
For a guide on porting a V1 addon to V2, see https://github.com/embroider-build/embroider/blob/main/docs/porting-addons-to-v2.md
@embroider/addon-dev/rollup
exports utilities for building addons with rollup. To use them:
Add the following devDependencies
to your addon:
Copy the ./sample-rollup.config.js
in this repo to your own rollup.config.js
.
Copy the ./sample-babel.config.json
in this repo to your own babel.config.json
.
A rollup plugin to expose a folder of assets. path
is a required to define which folder to expose. options.include
is a glob pattern passed to walkSync.include
to pick files. options.exlude
is a glob pattern passed to walkSync.ignore
to exclude files. options.namespace
is the namespace to expose files, defaults to the package name + the path that you provided e.g. if you call addon.publicAssets('public')
in a v2 addon named super-addon
then your namespace will default to super-addon/public
.
The addon-dev
command helps with common tasks in v2 addons.
devDependencies
from an embedded test application out into
your addon's actual package.json(You can avoid the need for both of these if you keep your addon and its test app as separate packages in a monorepo instead.)
See the top-level CONTRIBUTING.md in this monorepo.
This project is licensed under the MIT License.
FAQs
Utilities for addon authors
The npm package @embroider/addon-dev receives a total of 6,921 weekly downloads. As such, @embroider/addon-dev popularity was classified as popular.
We found that @embroider/addon-dev demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.