Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@hackney/mat-process-utils
Advanced tools
Reusable steps and tools for Manage a Tenancy processes
Reusable steps and tools for Manage a Tenancy processes
Warning: This project is still in beta. No promises of stability are made.
Install the package from NPM in the usual way. This library supports React 16 or newer. You will need to install it as a peer dependency.
npm install mat-process-utils react@">=16"
or
yarn add mat-process-utils react@">=16"
Note that to use the useDatabase
React hook, you will need to be using React
16.8 or newer.
See the documentation website (generated with TypeDoc).
We use Jest for testing.
To run the unit tests:
npm run test:unit
To run the unit tests, updating changed snapshots:
npm run test:unit:update
To run the tests for all examples, including building:
npm run test:examples
To run the tests for all examples, including building, updating changed snapshots:
npm run test:examples:update
To run the full test suite, including building:
npm run test:all
To run the full test suite, including building, updating changed snapshots:
npm run test:all:update
To run the full test suite, including format checking, linting, and building:
npm test
To run the full test suite, including format checking, linting, and building, fixing any issues and updating snapshots:
npm run test:update
We use TypeDoc to generate our documentation website from the types and comments in our code. We use GitHub pages to host that site.
TypeDoc has a syntax similar to that of JSDoc, but unlike with JSDoc, we shouldn't specify types or label every property or argument, as they are generated from the TypeScript directly. See here for the syntax supported by TypeDoc.
To generate the documentation locally:
npm run build:docs
You can test the output by opening tmp/docs/index.html
from your local
filesystem in your browser.
We use Prettier to format our code. There are lots of editor integrations available, and the style is enforced by a Git pre-commit hook.
To run the formatter:
npm run format
We use ESLint, in addition to TypeScript's compiler, for verifying correctness and maintainability of code.
To run the linter:
npm run lint
To run the linter in fix mode:
npm run lint:fix
We can also check that all files (except package.json
and package-lock.json
because Dependabot can get very noisy) have code owners:
npm run lint:codeowners
Create a new branch called release/vx.y.z
, where x.y.z
is the new version
number, following Semantic Versioning.
Update CHANGELOG.md
to batch the changes in this version under a heading in
the following format:
## [Unreleased]
## [x.y.z] - DD-MM-YYYY
### Added
...
## [a.b.c] - DD-MM-YYYY
### Added
...
[unreleased]:
https://github.com/LBHackney-IT/mat-process-utils/compare/vx.y.z...HEAD
[x.y.z]:
https://github.com/LBHackney-IT/mat-process-utils/compare/va.b.c...vx.y.z
[a.b.c]: ...
Commit the changes as "Update the changelog in preparation for vx.y.z
".
Run the version bumping script:
bin/bump-version "x.y.z"
Push the branch and create a pull request, copying the contents of this version from the changelog into the description.
Get the pull request reviewed.
When approved and ready to publish:
bin/publish "x.y.z"
Merge the pull request and publicize the release.
We use ADRs to document architecture decisions that we make. They can be found
in docs/adr
and contributed to with
adr-tools.
[0.1.0] - 25-05-2020
Initial release.
https://github.com/LBHackney-IT/mat-process-utils/compare/v0.1.0...HEAD
FAQs
Reusable steps and tools for Manage a Tenancy processes
We found that @hackney/mat-process-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.