
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@kabeep/neoconfig
Advanced tools
[!TIP]
By default, the themes directory is empty. You can add your custom configuration files or use configurations shared by the open-source community (see the "Related Repositories" section below).
Easily switch between custom NeoFetch themes from the command line, enabling quick transitions between presets for screen recording and presentation scenarios.
Install NeoFetch. Without it, this package serves no purpose.
NPM (Node.js)
npm i -g neofetch
Windows
scoop i -g neofetch
MacOS
brew i -g neofetch
Use a terminal that supports Unicode Symbols for the best experience with NeoFetch and NeoConfig.
(Many terminals, such as zsh, CMD, PowerShell, and JetBrains, support such fonts natively, so this step may be optional.)
Some terminals have limited or no support, especially those based on
xterm-256color, likeMicrosoft/VSCodeorVercel/Hyper. See https://github.com/xtermjs/xterm.js/issues/2693 for details.In such cases, you'll need to download a compatible font. We recommend Nerd Symbols Font, which is widely used in command-line applications.
After downloading the font, configure your terminal accordingly. For example, on Windows 11 and Hyper:
Install the font via
Settings>Personalization>Fonts. Add the font name to thefontFamilysetting inHyper's configuration file. The same applies to editors likeSublime TextandVSCode.
npm install --global @kabeep/neoconfig
yarn add --global @kabeep/neoconfig
pnpm add --global @kabeep/neoconfig
neoconfig -h
neoconfig [options]
Options:
-h, --help Show help [boolean]
-v, --version Show version number [boolean]
neoconfig
? Please select a neofetch theme.
❯ ⚙️ default.conf
📁 large
📁 small
📁 termux
(Use arrow keys)
------------------
Press ▲ / ▼ to move the cursor.
Press ► / ENTER to enter the selected directory.
Press ◄ to return to the parent directory.
Press ENTER to switch themes.
Press CTRL - C to exit the interaction.
~/.config/neofetch # Root directory
├── config.conf # Current configuration file
└── themes # Fixed themes directory
├── default.conf # Single configuration file
└── large # Grouped configurations (no restriction on directory names or nesting depth)
├── myTheme1 # Custom configuration
│ ├── ascii.txt # ASCII art file
│ └── config.conf # Configuration file
└── myTheme2 # Nested custom configuration
├── config.conf # Configuration file
└── assets # Assets referenced by configuration (no restriction on directory names or nesting depth)
└── ascii.txt # ASCII art file
| Language Name | Native Name | ISO-639-1 | ISO-3166-1 (Alpha-2) | Locale File |
|---|---|---|---|---|
| English | - | en | US | en-US.ts |
| Chinese Simplified | 简体中文 | zh | CN | zh-CN.ts |
Contributions via Pull Requests or Issues are welcome.
This project is licensed under the MIT License. See the LICENSE file for details.
FAQs
A Node.js CLI for the NeoFetch configuration file manager
The npm package @kabeep/neoconfig receives a total of 5 weekly downloads. As such, @kabeep/neoconfig popularity was classified as not popular.
We found that @kabeep/neoconfig demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.