Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@glideapps/ts-helper
Advanced tools
This is a simple TypeScript tool we use at Glide for two purposes so far:
import/no-cycle
rule
for this, but on our project it's both very slow and sometimes doesn't find existing cycles.We've only implemented as much as we needed to make this work on our codebase, so there might be cases it doesn't support, or on which it crashes on. If you run into such a case, please considering sending us a PR, or at least report the issue with a reproduction.
-p|--project TS-PROJECT
Adds a project. TS-PROJECT
can be either a directory with a tsconfig.json
file in it, or the path to a TypeScript
config file. ts-helper will add project references recursively, but you can add more than one root project if you need
to.
-r|--root SOURCE-FILE
Adds a root TypeScript source file. This file must be in one of the specified projects. You can add more than one.
-c|--detect-cycles
Runs cycle detection on all the source files reachable from the roots. If it detects a cycle it will print one of the cycles it found and exit with an error status.
Note that it only considers "strong" imports for cycle detection, vs type
imports and lazy imports.
-o|--output FILENAME
Outputs a JSON file with the dependency graph.
-v|--verbose
Print messages when it's reading and processing projects.
In our main repository for Glide we have two TypeScript projects - one for the frontend and one for the backend. The frontend one has one root source file and the backend has two - one for the actual backend and one for a CLI. Here's how we run ts-helper to detect cycles in that codebase:
npx "@glideapps/ts-helper" \
-p ~/Work/glide/functions \
-r ~/Work/glide/functions/src/cli.ts \
-r ~/Work/glide/functions/src/index.ts \
-p ~/Work/glide/app \
-r ~/Work/glide/app/src/index.tsx \
-c
FAQs
Analyze TypeScript projects
We found that @glideapps/ts-helper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.