Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@knapsack-pro/jest
Advanced tools
Knapsack Pro Jest splits Jest tests across CI nodes and makes sure that tests will run in optimal time on each CI node.
Run your 1-hour test suite in 2 minutes with optimal parallelisation on your existing CI infrastructure
Knapsack Pro wraps Jest and works with your existing CI infrastructure to parallelize tests optimally:
See the docs to get started.
>= Node 18.13.0 LTS
You can use NVM to manage Node versions in development.
Setup the @knapsack-pro/core project.
Follow the steps below or use the bin/setup_development
script to take care of steps 2-5.
Install the dependencies:
npm install
In order to use the local version of @knapsack-pro/core
run:
npm link @knapsack-pro/core
Compile the TypeScript code to the lib
directory by running:
npm start
Register the @knapsack-pro/jest
package globally in your local system. This way we will be able to develop other npm packages dependent on it:
npm link
Set up your IDE:
Visual Studio Code
Install the following plugins:
Go to File > Preferences > Settings > Text Editor > Formatting
Turn on Format On Save
checkbox.
From now on, every change in the codebase will be automatically formatted by Prettier. ESLint shows errors and warnings in VSCode.
Write some code.
If your feature requires code changes in @knapsack-pro/core, please push the @knapsack-pro/core
to GitHub first. Then you can push changes for @knapsack-pro/jest
to ensure the CI will use the latest @knapsack-pro/core
.
To test @knapsack-pro/jest
against a real test suite we use:
Sign in to the npm registry with:
npm adduser
Ensure you have the latest version of @knapsack-pro/core
in package.json
:
{
"dependencies": {
"@knapsack-pro/core": "^x.x.x"
}
}
Run npm install
. This way you will be able to test @knapsack-pro/core
installed from npm registry instead of the local one that was linked with npm link @knapsack-pro/core
.
Commit the updated package.json
and package-lock.json
:
git commit -am "Update @knapsack-pro/core"
Before releasing a new version of the package, please update CHANGELOG.md
with github_changelog_generator
:
gem install github_changelog_generator
# generate CHANGELOG.md
github_changelog_generator --user KnapsackPro --project knapsack-pro-jest
git commit -am "Update CHANGELOG.md"
git push origin master
If you have added new files to the repository, and they should be part of the released npm package, please ensure they are included in the files
array in package.json
.
Compile the project:
# Ensure you use local version of @knapsack-pro/core
npm link @knapsack-pro/core
npm run build
In order to bump the version of the package run the command below. It will also create a version commit and tag for the release:
# Bump patch version 0.0.x
npm version patch
# Bump minor version 0.x.0
npm version minor
Push the commit and tag:
git push origin master --tags
When the git tag is on Github, you can update CHANGELOG.md
:
github_changelog_generator --user KnapsackPro --project knapsack-pro-jest
git commit -am "Update CHANGELOG.md"
git push origin master
Publish the package to the npm registry:
npm publish
Update the latest available library version in TestSuiteClientVersionChecker
for the Knapsack Pro API repository.
FAQs
Knapsack Pro Jest splits Jest tests across CI nodes and makes sure that tests will run in optimal time on each CI node.
The npm package @knapsack-pro/jest receives a total of 23,877 weekly downloads. As such, @knapsack-pro/jest popularity was classified as popular.
We found that @knapsack-pro/jest demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.