Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@liflig/cdk
Advanced tools
This is a collection of reusable constructs and patterns for CDK setups, for use within Liflig.
We do not expect others to depend on this, and as such will not be following semantic versioning strictly. There will be breaking changes across both minor and patch releases, as we will be coordinating changes internally.
CDK has some major issues for 3rd party library authors which are not yet resolved. Some relevant information:
Lint code
npm run lint
Run tests and update snapshots
npm run snapshots
npm run test -- -u
Investigate any changes before committing.
Assemble artifact, which emits a tarball
npm pack
Install the library in an application from a tarball
npm install /path/to/liflig-cdk/liflig-cdk-0.0.0-development.tgz
Navigate to the project where you want to test the changes
cd /path/to/other/project
Install the library in an application from a Git branch
npm install "https://github.com/capralifecycle/liflig-cdk.git#my-feature-branch"
Note: npm link
cannot be used, since it will lead to multiple
declarations of the same classes from CDK, breaking the instanceof
operator.
This project accepts contributions. To get started, see the Contributing Guidelines.
FAQs
CDK library for Liflig
The npm package @liflig/cdk receives a total of 2,044 weekly downloads. As such, @liflig/cdk popularity was classified as popular.
We found that @liflig/cdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.