Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@fairdataihub/psychic-broccoli
Advanced tools
Readme
Yet another (opinionated) typescript library starter template.
git clone https://github.com/fairdataihub/psychic-broccoli.git my-project
cd my-project
npm install
npm run setup
Or click on Use this template
button on GitHub!
To enable deployment, you will need to:
NPM_TOKEN
secret in GitHub actions (Settings > Secrets > Actions)GITHUB_TOKEN
write permissions for GitHub releases (Settings > Actions > General > Workflow permissions)Typescript Library Starter relies on volta to ensure node version to be consistent across developers. It's also used in the GitHub workflow file.
Leverages esbuild for blazing fast builds, but keeps tsc
to generate .d.ts
files.
Generates two builds to support both ESM and CJS.
Commands:
build
: runs typechecking then generates CJS, ESM and d.ts
files in the build/
directoryclean
: removes the build/
directorytype:dts
: only generates d.ts
type:check
: only run typecheckingtype:build
: only generates CJS and ESMtypescript-library-starter uses ava and esbuild-register so that there is no need to compile before the tests start running. The coverage is done through nyc.
Commands:
test
: runs ava test runnertest:coverage
: runs ava test runner and generates coverage reportsThis template relies on the combination of eslint — through typescript-eslint for linting and prettier for formatting. It also uses cspell to ensure spelling
Commands:
format
: runs prettier with automatic fixingformat:check
: runs prettier without automatic fixing (used in CI)lint
: runs eslint with automatic fixinglint:check
: runs eslint without automatic fixing (used in CI)spell:check
: runs spellcheckingUnder the hood, this library uses semantic-release and commitizen.
The goal is to avoid manual release process. Using semantic-release
will automatically create a github release (hence tags) as well as an npm release.
Based on your commit history, semantic-release
will automatically create a patch, feature or breaking release.
Commands:
cz
: interactive CLI that helps you generate a proper git commit message, using commitizensemantic-release
: triggers a release (used in CI)FAQs
Testing NPM publishes
We found that @fairdataihub/psychic-broccoli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.