Security News
crates.io Ships Security Tab and Tightens Publishing Controls
crates.io adds a Security tab backed by RustSec advisories and narrows trusted publishing paths to reduce common CI publishing risks.
By Sarah Gooding -  Jan 27, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
@hubspot/local-dev-lib
Advanced tools
@hubspot/local-dev-lib
Provides library functionality for HubSpot local development tooling, including the HubSpot CLI
hubspot/local-dev-lib
Provides library functionality for HubSpot local development tooling, including the HubSpot CLI.
NOTE: This library is intended to replace the deprecated @hubspot/cli-lib library.
Overview
This library contains utils that facilitate interactions with HubSpot. It is consumed by the HubSpot CLI as well as other HubSpot development tooling. Major exports include:
- Config utils for managing HubSpot account configuration and access keys (docs)
- API utils to interact with HubSpot assets such as Design Manager and Developer Projects (docs)
- Utils to navigate the local filesystem, parse common HubSpot files, interact with common HubSpot objects, and connect with GitHub (docs)
Contributing
For more information on developing, see the Contributing Guide.
FAQs
Provides library functionality for HubSpot local development tooling, including the HubSpot CLI
The npm package @hubspot/local-dev-lib receives a total of 36,501 weekly downloads. As such, @hubspot/local-dev-lib popularity was classified as popular.
We found that @hubspot/local-dev-lib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 39 open source maintainers collaborating on the project.
Package last updated on 12 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Performs Hidden Affiliate Hijacking
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consent.
By Kush Pandya -  Jan 27, 2026
Security News
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
By Sarah Gooding -  Jan 23, 2026