Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@forestryio/cli
Advanced tools
The CLI can be used to setup your local site with Forestry.io configuration.
Npm:
npm install --save-dev @forestryio/cli
Yarn:
yarn add --dev @forestryio/cli
Arguments wrapped in []
in the command name are optional.
You can get help on any command with -h
or --help
.
e.g:
yarn forestry schema:gen-query --help
This will describe how to use the schema:gen-query command.
Generate a GraphQL query for your site's schema
--typescript Include this option to also generate typescript types for your schema
Check for .forestry/front_matter/templates folder for any issues.
--path Specify a relative path to the .forestry folder (eg. my-site)
Start a GraphQL server using your Filesystem's content as the datasource.
--port Specify a port to run the server on. (default 4001)
To run this project locally in another directory, you can create a symlink by running
npm link
Then Forestry can be run in another directory by running:
forestry <commands>
Alternatively, the CLI can be added to a project instead of being used globally.
To run the command locally in this project directory, you can run:
yarn forestry <commands>
To access some third party services, you will need to add a .env file. Use the .env.example to fill in the example keys.
FAQs
Unknown package
The npm package @forestryio/cli receives a total of 16 weekly downloads. As such, @forestryio/cli popularity was classified as not popular.
We found that @forestryio/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.