Research
/Security News
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
By Socket Research Team - Jun 26, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@graph8/devex
Advanced tools
g8-devex
Canonical Cursor governance + spec-driven development rules for graph8 repos.
What This Repo Is
A template payload + CLI consumed by npx g8 init to bootstrap:
.cursor/rules/*— Cursor enforcement rules- Governance files —
manifesto.md,standards.md,playbook.md,AGENTS.md specs/— Spec-driven development scaffolding
Quick Start
In any target repo:
npx @graph8/devex init
Then commit the created files. Done.
Commands
npx @graph8/devex init
Bootstrap governance + Cursor rules into current repo.
Safe mode (default):
- Creates missing files only
- Never overwrites existing files
- Leaves custom rules untouched
npx @graph8/devex init
Force mode:
- Overwrites existing standard files with latest templates
npx @graph8/devex init --force
npx @graph8/devex doctor
Check repo DevEx health and report issues.
npx @graph8/devex doctor
Reports:
- Missing governance files
- Missing Cursor rules
- Presence of legacy
.cursorrules - Governance Level (0–5)
- Recommended fixes
What Gets Installed
Cursor Rules (.cursor/rules/)
| File | Purpose |
|---|---|
00-principles.mdc | Core engineering philosophy |
10-governance.mdc | Rule severity levels, dependency rules |
20-spec-protocol.mdc | When/how to create specs before coding |
90-emergency.mdc | Hard stops, escalation triggers |
Governance Files
| File | Purpose |
|---|---|
manifesto.md | Engineering philosophy |
standards.md | Technical standards and constraints |
playbook.md | Team process and SLOs |
AGENTS.md | Quick commands for AI agents |
Specs Directory
| File | Purpose |
|---|---|
specs/backlog.md | Tracks active and completed specs |
Documentation
- Migration Guide — migrate from
.cursorrulesto.cursor/rules/ - Spec Example — real example of a well-structured spec
- Changelog — version history
Versioning
This repo is versioned via git tags (e.g. v1.0.0).
The CLI defaults to the version it was published with.
Development
# Install dependencies
npm install
# Build
npm run build
# Test locally
node dist/index.js init
Safety Guarantees
| Scenario | Behavior |
|---|---|
| Standard file missing | Create |
| Standard file exists | Skip |
| Standard file modified | Report only |
| Custom rule file | Leave untouched |
.cursorrules present | Warn; do not delete |
Overwrite requires explicit --force.
FAQs
DevEx bootstrap CLI for spec-driven development with Cursor
The npm package @graph8/devex receives a total of 35 weekly downloads. As such, @graph8/devex popularity was classified as not popular.
We found that @graph8/devex demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 26 Dec 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase
Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
By Sarah Gooding - Jun 26, 2026
Security News
/Research
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
By Socket Research Team - Jun 25, 2026