Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@knapsack-pro/jest
Advanced tools
Knapsack Pro Jest splits Jest tests across CI nodes and makes sure that tests will run in optimal time on each CI node.
Run your 1-hour test suite in 2 minutes with optimal parallelisation on your existing CI infrastructure
Knapsack Pro wraps Jest and works with your existing CI infrastructure to parallelize tests optimally:
See the docs to get started:
Follow the steps in the root README.md to set up the project.
You can compile TypeScript in watch mode from the root folder with:
npm start -w packages/jest
To test @knapsack-pro/jest
against a real test suite we use:
cd packages/jest
Sign in to the npm registry with:
npm adduser
Ensure you have the latest version of @knapsack-pro/core
in package.json
(do the change in a separate PR to have it appear in the CHANGELOG):
{
"dependencies": {
"@knapsack-pro/core": "^x.x.x"
}
}
and run npm install
.
Commit the updated package.json
and package-lock.json
:
git commit -am "deps(jest): update @knapsack-pro/core"
Before releasing a new version of the package, please update CHANGELOG.md
with github_changelog_generator
:
gem install github_changelog_generator
# generate CHANGELOG.md
github_changelog_generator --user KnapsackPro --project knapsack-pro-js --pr-wo-labels --issues-wo-labels --include-labels @knapsack-pro/jest --since-tag @knapsack-pro/jest@6.2.0 --exclude-tags-regex "@knapsack-pro\/(core|cypress)@.*"
git commit -am "docs(jest): update CHANGELOG.md"
git push origin main
If you have added new files to the repository, and they should be part of the released npm package, please ensure they are included in the files
array in package.json
.
Compile the project:
npm run build
In order to bump the version of the package run the command below. It will also create a version commit and tag for the release:
# Bump patch version 0.0.x
npm version patch --no-commit-hooks --tag-version-prefix=@knapsack-pro/jest@
# Bump minor version 0.x.0
npm version minor --no-commit-hooks --tag-version-prefix=@knapsack-pro/jest@
git commit -am @knapsack-pro/jest@x.x.x
git tag @knapsack-pro/jest@x.x.x
Push the commit and tag:
git push origin main --tags
When the git tag is on Github, you can update CHANGELOG.md
:
github_changelog_generator --user KnapsackPro --project knapsack-pro-js --pr-wo-labels --issues-wo-labels --include-labels @knapsack-pro/jest --since-tag @knapsack-pro/jest@6.2.0 --exclude-tags-regex "@knapsack-pro\/(core|cypress)@.*"
git commit -am "docs(jest): update CHANGELOG.md"
git push origin main
Publish the package to the npm registry:
npm publish
Update the latest available library version in:
TestSuiteClientVersionChecker
for the Knapsack Pro API repository.FAQs
Knapsack Pro Jest splits Jest tests across CI nodes and makes sure that tests will run in optimal time on each CI node.
The npm package @knapsack-pro/jest receives a total of 23,877 weekly downloads. As such, @knapsack-pro/jest popularity was classified as popular.
We found that @knapsack-pro/jest demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.