@good-fences/api
<!-- Core implementation of [`good-fences-rs`](https://github.com/Adjective-Object/good-fences.rs) -->
A Rust reimplementation of good-fences:
Good-fences is a tool that allows you to segment a TypeScript project into conceptual areas and manage dependencies between those areas. This is mostly a concern for large projects with many people working on them, where it is impossible for every developer to have a holistic understanding of the entire codebase. JavaScript's module system is a specialized form of anarchy because any file can import any other file, possibly allowing access to code that was really meant to be an internal implementation detail of some larger system. Other languages have concepts like DLL boundaries and the internal keyword to mitigate this. Good-fences provides a way to enforce similar boundaries in the TypeScript world.
The original good-fences implementation came with some limitations:
Rust's safe concurrency and memory safety allow us to rewrite the original project with additional performance benefits, leaning on swc for JavaScript/TypeScript parsing.
good-fences-rs includes a CLI and an API, under the name @good-fences/api.
Compatible with x86 and x64 Windows and Linux platforms.
Linux: GLIBC >= 2.27 (preinstalled with Ubuntu 18)
npm
Via npm.
npm install -g @good-fences/api
Cloning the repo:
git clone https://github.com/Adjective-Object/good-fences-rs-core
cd good-fences-rs-core
npm install
npm run build
npm install -g
npm install @good-fences/api
Use it in your project:
import { goodFences } from '@good-fences/api';
goodFences({...});
To run the good-fences CLI we need at least two things:
- fence.json configuration files.
- A tsconfig.json file (see tsconfig reference).
Let's assume a project like this:
├── my-project
│   ├── src
│   │   ├── **/*.ts
│   │   ├── index.js
│   │   ├── fence.json
│   ├── tsconfig.json
From your terminal you can run this:
cd my-project
good-fences src
[paths]: the CLI takes only the paths argument, a space-separated list of all directories that are going to be scanned.
--project or -p
If you have your tsconfig file split and want to use the one containing compilerOptions.paths instead of the default tsconfig.json:
good-fences src --project tsconfig.with-paths.json
--baseUrl
In cases like the one above, different tsconfig files may have different compilerOptions.baseUrl configurations. You can override that value from your specified --project file with the --baseUrl flag.
good-fences src --project tsconfig.without-baseurl.json --baseUrl .
--output or -o
The --output flag takes a path. At the end of checking, fence violation errors will be saved to the provided path as JSON.
good-fences src --output fenceViolations.json
cat fenceViolations.json
In some cases you may need to scan your cwd, but most projects have a node_modules directory that isn't needed for the evaluation. In those cases, --ignoreExternalFences makes good-fences skip all directories and files from node_modules.
good-fences . --ignoreExternalFences
--ignoredDirs
This takes a list of regular expressions as input values, separated with spaces. In case certain directories need to be ignored during the fence evaluation, this will perform regular expression matching on fence paths to ignore them (e.g. --ignoredDirs lib will not evaluate files under any lib directory).
good-fences src --ignoredDirs ignored1 ignored2 ...
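Because --ignoredDirs values are regular expressions matched against fence paths, a short pattern can exempt more fences from enforcement than intended. The following is an added example, not code from the good-fences project: it models the flag as an unanchored regex search (an assumption about the matcher) over constructed fence paths, and the function names are hypothetical.

```javascript
// Added example: models --ignoredDirs as an unanchored regex search over
// fence paths. That matching mode is an assumption; the real matcher lives
// in the Rust core. All paths below are constructed sample data.
const fencePaths = [
  'src/lib/fence.json',
  'src/auth/fence.json',
  'src/library/fence.json',
  'src/glib-bindings/fence.json',
  'packages/lib/internal/fence.json',
];

// Split fence paths into those a pattern list would skip and those still evaluated.
function partitionFences(patterns, paths) {
  const regexes = patterns.map((p) => new RegExp(p));
  const ignored = [];
  const evaluated = [];
  for (const path of paths) {
    (regexes.some((re) => re.test(path)) ? ignored : evaluated).push(path);
  }
  return { ignored, evaluated };
}

// List fences that a broad pattern skips but a path-anchored pattern keeps,
// i.e. boundaries that would silently stop being enforced.
function unintendedIgnores(broad, anchored, paths) {
  const keep = new Set(partitionFences([anchored], paths).evaluated);
  return partitionFences([broad], paths).ignored.filter((p) => keep.has(p));
}

const broad = 'lib';
// Matches only a directory named exactly "lib" (assumes forward-slash paths).
const anchored = '(^|/)lib/';

console.log('skipped by "lib":', partitionFences([broad], fencePaths).ignored);
console.log('skipped unintentionally:', unintendedIgnores(broad, anchored, fencePaths));
```

Running a check like this over the fence.json paths in a repository before adding a pattern to CI shows which boundaries the pattern would take out of evaluation.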
FAQs
We found that @good-fences/api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.