
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
@heroku-cli/command
Advanced tools
Base class for Heroku CLI commands. Built off of oclif.
This package provides the core functionality for Heroku CLI commands, including a comprehensive set of completion handlers for various Heroku resources. It serves as the foundation for building Heroku CLI commands with built-in support for command-line completion.
The package includes completion handlers for various Heroku resources:
The package includes a built-in APIClient
for making authenticated requests to the Heroku Platform API:
Example usage:
const heroku = new APIClient(config)
const {body: resources} = await heroku.get('/apps')
This package is primarily used as a dependency in other Heroku CLI plugins and commands. It provides the base functionality needed to implement Heroku CLI commands with proper completion support.
Built with TypeScript and uses the oclif framework for CLI command development.
FAQs
base class for Heroku CLI commands
The npm package @heroku-cli/command receives a total of 48,790 weekly downloads. As such, @heroku-cli/command popularity was classified as popular.
We found that @heroku-cli/command demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 54 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.