@enterprise-cmcs/mdct-core
The mdct-core npm package uses semantic-release to publish packages to the enterprise-cmcs npm org. To read more about semantic-release, see https://github.com/semantic-release/semantic-release
The publish workflow runs only when pull requests are merged into the main branch, and publishing relies on the commit message: a few keywords in it trigger a publishing build.
The 3 keywords for semantic release are as follows:
"fix": this bumps the patch version of the release number (note: semantic release calls patch a fix release)
"feat": this bumps the minor version of the release number (note: semantic release calls this a feature release)
"perf": this bumps the major version of the release number (note: semantic release calls this a breaking release)
For example:
fix(publishing from CI): my commit message of choice
Note: the commit message needs to be on the merge commit when merging into main.
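Because a merge commit message alone decides whether and how a new version is published, a reviewer may want to preview that outcome before merging. The sketch below is an added example, not the project's code or semantic-release itself: it applies the keyword mapping listed above, and its function names, first-line-only parsing and sample version are assumptions.

```javascript
// Added example. The keyword-to-release mapping is the one in the README above;
// function names, first-line-only parsing and sample versions are assumptions.
const RELEASE_BY_KEYWORD = new Map([
  ['fix', 'patch'],
  ['feat', 'minor'],
  ['perf', 'major'],
]);

// keyword, optional "(scope)", colon, subject: e.g. "fix(publishing from CI): ..."
const HEADER = /^(\w+)(?:\(([^)]*)\))?:\s+(\S.*)$/;

// Returns 'patch' | 'minor' | 'major', or null when nothing would be published.
function releaseTypeFor(commitMessage) {
  const header = String(commitMessage).split('\n')[0].trim();
  const match = HEADER.exec(header);
  if (!match) return null;
  // Map lookup avoids prototype keys such as "constructor" matching by accident.
  return RELEASE_BY_KEYWORD.get(match[1]) ?? null;
}

function nextVersion(current, release) {
  const match = /^(\d+)\.(\d+)\.(\d+)$/.exec(current);
  if (!match) throw new Error(`not a plain x.y.z version: ${current}`);
  const [major, minor, patch] = match.slice(1).map(Number);
  if (release === 'major') return `${major + 1}.0.0`;
  if (release === 'minor') return `${major}.${minor + 1}.0`;
  if (release === 'patch') return `${major}.${minor}.${patch + 1}`;
  return current;
}

// Preview for a reviewer: would merging with this message publish, and as what?
function previewMerge(currentVersion, mergeCommitMessage) {
  const release = releaseTypeFor(mergeCommitMessage);
  return {
    publishes: release !== null,
    release,
    version: release ? nextVersion(currentVersion, release) : currentVersion,
  };
}

// Constructed sample messages; "1.4.2" is a made-up starting version.
for (const msg of [
  'fix(publishing from CI): my commit message of choice',
  'perf(core): constructed sample subject',
  'Merge pull request from constructed-branch\n\nfix: keyword only in the body',
]) {
  console.log(JSON.stringify(msg.split('\n')[0]), previewMerge('1.4.2', msg));
}
```

Under this example's first-line-only assumption, a default "Merge pull request ..." title publishes nothing even when the body contains a keyword.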
FAQs
Core functionality used across CMS MDCT applications
We found that @enterprise-cmcs/mdct-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.