Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@knapsack-pro/core
Advanced tools
Knapsack Pro Core library splits tests across CI nodes and makes sure that tests will run in optimal time on each CI node. This library gives core features like communication with KnapsackPro.com API. This library is a dependency for other projects specif
Run your 1-hour test suite in 2 minutes with optimal parallelisation on your existing CI infrastructure
Knapsack Pro wraps your current test runner(s) and works with your existing CI infrastructure to parallelize tests optimally:
See the docs to get started:
Follow the steps in the root README.md to set up the project.
You can compile TypeScript in watch mode from the root folder with:
npm start -w packages/core
cd packages/core
Sign in to the npm registry with:
npm adduser
Before releasing a new version of the package, please update CHANGELOG.md
with github_changelog_generator
:
gem install github_changelog_generator
# generate CHANGELOG.md
github_changelog_generator --user KnapsackPro --project knapsack-pro-js --pr-wo-labels --issues-wo-labels --include-labels @knapsack-pro/core --since-tag @knapsack-pro/core@5.1.0 --exclude-tags-regex "@knapsack-pro\/(jest|cypress)@.*"
git commit -am "docs(core): update CHANGELOG.md"
git push origin main
If you have added new files to the repository, and they should be part of the released npm package, please ensure they are included in the files
array in package.json
.
Compile the project:
npm run build
In order to bump the version of the package run the command below. It will also create a version commit and tag for the release:
# Bump patch version 0.0.x
npm version patch --no-commit-hooks --tag-version-prefix=@knapsack-pro/core@
# Bump minor version 0.x.0
npm version minor --no-commit-hooks --tag-version-prefix=@knapsack-pro/core@
git commit -am @knapsack-pro/core@x.x.x
git tag @knapsack-pro/core@x.x.x
Push the commit and tag:
git push origin main --tags
When the git tag is on Github, you can update CHANGELOG.md
:
github_changelog_generator --user KnapsackPro --project knapsack-pro-js --pr-wo-labels --issues-wo-labels --include-labels @knapsack-pro/core --since-tag @knapsack-pro/core@5.1.0 --exclude-tags-regex "@knapsack-pro\/(jest|cypress)@.*"
git commit -am "docs(core): update CHANGELOG.md"
git push origin main
Publish the package to the npm registry:
npm publish
Update:
FAQs
Knapsack Pro Core library splits tests across CI nodes and makes sure that tests will run in optimal time on each CI node. This library gives core features like communication with KnapsackPro.com API. This library is a dependency for other projects specif
The npm package @knapsack-pro/core receives a total of 46,114 weekly downloads. As such, @knapsack-pro/core popularity was classified as popular.
We found that @knapsack-pro/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.