Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@fluentui/codemods
Advanced tools
This is a utility package to assist with the upgrading of libraries and apps that rely on fluentui.
If you have a typescript application or library that relies on a non-current version of Fluent UI then you can run npx @fluentui/codemods
to immediately begin an upgrade of your codebase, saving you the trouble of doing so manually! This works by finding all the tsconfig files and then using those to find the relevant files to upgrade before running the updates on each of them!
If your application relies on any Fluent UI package simply run
npx @fluentui/codemods
and the upgrade will begin if there are any relevant codemods to apply to your codebase!
Run
yarn
yarn start-test
To start testing the codemods
Add your codemods to the ./src/mods
folder with .mod.ts|tsx
as the file type.
Run
yarn build
To build
Run
npm pack
from the codemods package root to create a tar file for testing. Move the created tar file to the package you want to test and run
npx <tarFileName>
-n
Specify name(s) of codemod(s) to run. You can find these names in codemods/src/codemods/mods
. Make sure that they are enabled
before running them, or else they won't run!-r
Specify regex pattern(s) to identify mod(s) to run.-e
Boolean flag that flips the inclusion of the specify mods. Use this flag with the selective flags -n
or -r
to opt to exclude the selected mods rather than include them.-l
List the names of all enabled codemods. Mods that exist but aren't enabled will not appear, as running them would do nothing.-c
For developers who don't want to worry about the command line, they can create a modConfig.json
file in their repo. The template for the file looks like this, where stringFilters
and regexFilters
would correspond to inputs following -n
and -c
, respectively:{
"stringFilters": [],
"regexFilters": [],
"includeMods": true
}
enabled
codeods.flag
utility that will enable devs to note when a part of a file needs to be changed, but cannot be done via codemod.ts-morph:
SyntaxKind.block
it is the equivalent of the { stuff }
that is located in a function declaration and is where a lot of code lives.SyntaxKind.JSXOpeningElement
and SyntaxKind.JSXSelfClosingElement
getChildIndex
returns the child index respective to the immediate parent. It resets at each level. So consider the following:
function foo() {
const childIndex0 = "some other value";
const childIndex1 = "some value";
return childIndex2;
}
And then consider
function foo() {
const childIndex0 = "some other value";
const childIndex1 = "some value";
const nestedFunctionChildIndex2 = () => {
const childIndex0; // childindex is now 0
}
return childIndex3
}
FAQs
Tool enabling easy upgrades to new Fluent UI versions
The npm package @fluentui/codemods receives a total of 8 weekly downloads. As such, @fluentui/codemods popularity was classified as not popular.
We found that @fluentui/codemods demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.