Security News
Feross on TBPN: How North Korea Hijacked Axios
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
By Sarah Gooding - Apr 08, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@hover/javascript
Advanced tools
@hover/javascript 🛠📦
CLI toolbox for common scripts for my our projects
The problem
I We do a bunch of open source and want to make it easier to maintain so
many projects.
This solution
This is a CLI that abstracts away all configuration for my our open
source projects for linting, testing, building, and more.
Table of Contents
Installation
This module is distributed via npm which is bundled with node and
should be installed as one of your project's devDependencies:
yarn add -D @hover/javascript
Usage
This is a CLI and exposes a bin called hover-scripts. You'll find all
available scripts in src/scripts.
This project actually dogfoods itself. If you look in the package.json, you'll
find scripts with node src {scriptName}. This serves as an example of some of
the things you can do with hover-scripts.
Overriding Config
Unlike react-scripts, hover-scripts allows you to specify your own
configuration for things and have that plug directly into the way things work
with hover-scripts. There are various ways that it works, but basically if you
want to have your own config for something, just add the configuration and
hover-scripts will use that instead of it's own internal config. In addition,
hover-scripts exposes its configuration so you can use it and override only
the parts of the config you need to.
This can be a very helpful way to make editor integration work for tools like ESLint which require project-based ESLint configuration to be present to work.
So, if we were to do this for ESLint, you could create an .eslintrc with the
contents of:
{"extends": "./node_modules/@hover/javascript/eslint.js"}
Or, for babel, a .babelrc with:
{"presets": ["@hover/javascript/babel"]}
Or, for jest:
const {jest: jestConfig} = require('@hover/javascript/jest')
module.exports = Object.assign(jestConfig, {
// your overrides here
// for test written in Typescript, add:
transform: {
'\\.(ts|tsx)$': '<rootDir>/node_modules/ts-jest/preprocessor.js',
},
})
Note:
hover-scriptsintentionally does not merge things for you when you start configuring things to make it less magical and more straightforward. Extending can take place on your terms.IKent think[s] this is actually a great way to do this.For the record, so do I (Jamie)
LICENSE
MIT
FAQs
CLI toolbox for common scripts for JavaScript + TypeScript projects
The npm package @hover/javascript receives a total of 492 weekly downloads. As such, @hover/javascript popularity was classified as not popular.
We found that @hover/javascript demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 21 open source maintainers collaborating on the project.
Package last updated on 29 May 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Attackers Are Impersonating a Linux Foundation Leader in Slack to Target Open Source Developers
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.
By Sarah Gooding - Apr 08, 2026
Research
/Security News
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentials and wallets, and enable remote access.
By Kirill Boychenko - Apr 07, 2026