Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@form8ion/javascript-core
Advanced tools
@form8ion/javascript-core
core logic for form8ion tools related to JavaScript, like javascript-scaffolder and lift-javascript
coverageShouldBeReported# javascript-core
core logic for form8ion tools related to JavaScript, like javascript-scaffolder and lift-javascript
Table of Contents
- Usage
- Contributing
Usage
Installation
$ npm install @form8ion/javascript-core --save-prod
Example
Import
const {scaffoldChoice} = require('@form8ion/javascript-core');
Execute
(async () => {
await scaffoldChoice(
{foo: {scaffold: options => options}},
'foo',
{bar: 'baz'}
);
})();
API
scaffoldChoice
A generic function that executes the scaffolder function from a provided map
of options based on the chosen option name.
Takes three unnamed arguments:
choices object (required)
- keys: string Name of the choice
- values: object
scaffolder: function (required) scaffolds the choice options
choice string (required)
Name of the choice. SHOULD match a key from the choices object.
options object (optional)
options object to be passed as the only argument to the chosen scaffolder
installDependencies
A function that installs the provided package dependencies.
Takes four unnamed arguments:
dependencies list of strings (required)
The list of package names to be installed.
dependenciesType string (required)
Defines if the provided list of package names should be installed as prod or
dev dependencies. If "dev" is provided, the list will be installed with the
--save-exact flag.
projectRoot string (optional)
Filesystem path to the root of the project
packageManger string (optional)
Specifies the name of the package manager to be used for dependency
installation. Defaults to npm
Dependency-types Constants
Constants to define the valid options for dependenciesType
PROD_DEPENDENCY_TYPEDEV_DEPENDENCY_TYPE
projectTypes
Constants defining the types of possible JavaScript projects
APPLICATIONPACKAGECLI
packageManagers
Constants defining the available package managers
NPMYARN
dialects
Constants defining the available JavaScript source dialects
COMMON_JSBABELESMTYPESCRIPT
projectTypeShouldBePublished
Predicate function to determine if the project-type is one that should be published
Takes one argument:
projectType string (required)
Should be one of the project-type options
coverageShouldBeReported
Predicate function to determine if coverage should be reported
Takes two arguments:
visibility string (required)
visibility of the project (Public or Private)
tests object (required)
unitboolean (optional) Whether the project will be unit-tested
writePackageJson
Writes the provided config to the package.json for the project
Accepts an options object as the only argument, with the following properties:
projectRoot string (required)
Filesystem path to the root of the project
config object (required)
The config to be written to the package.json as the entire contents of the
file
mergeIntoExistingPackageJson
Merges the provided config into the existing package.json for the project
Accepts an options object as the only argument, with the following properties:
projectRoot string (required)
Filesystem path to the root of the project
config object (required)
The config to be merged with the existing contents of the package.json
Node version categories
Helpers for determining supported node.js versions in categories defined by package support guidelines. Refer to the release schedule for current statuses.
determineLtsNodeMajorVersions
Returns a list of the major LTS versions currently in active or maintenance status, optionally filtered by a provided semver range.
Accepts an options object as the only argument, with the following properties:
withinRange string (optional)
A semver range, compatible with node-semver, to filter the list of active major LTS versions by.
determineSupportedNodeMajorVersions
Returns a list of the major versions currently not in end-of-life status, optionally filtered by a provided semver range.
Accepts an options object as the only argument, with the following properties:
withinRange string (optional)
A semver range, compatible with node-semver, to filter the list of active major LTS versions by.
Contributing
Dependencies
$ nvm install
$ npm install
Verification
$ npm test
FAQs
core logic for form8ion tools related to JavaScript, like javascript-scaffolder and lift-javascript
The npm package @form8ion/javascript-core receives a total of 4,712 weekly downloads. As such, @form8ion/javascript-core popularity was classified as popular.
We found that @form8ion/javascript-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 24 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025