
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
@joplin/joplin-plugin-toggle-sidebars
Advanced tools
This is a template to create a new Joplin plugin.
This is a template to create a new Joplin plugin.
The main two files you will want to look at are:
/src/index.ts
, which contains the entry point for the plugin source code./src/manifest.json
, which is the plugin manifest. It contains information such as the plugin a name, version, etc.The plugin is built using Webpack, which creates the compiled code in /dist
. A JPL archive will also be created at the root, which can use to distribute the plugin.
To build the plugin, simply run npm run dist
.
The project is setup to use TypeScript, although you can change the configuration to use plain JavaScript.
To update the plugin framework, run yo joplin --update
Keep in mind that doing so will overwrite all the framework-related files outside of the "src/" directory (your source code will not be touched). So if you have modified any of the framework-related files, such as package.json or .gitignore, make sure your code is under version control so that you can check the diff and re-apply your changes.
For that reason, it's generally best not to change any of the framework files or to do so in a way that minimises the number of changes. For example, if you want to modify the Webpack config, create a new separate JavaScript file and include it in webpack.config.js. That way, when you update, you only have to restore the line that include your file.
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.