Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@magic/bash-alias
Advanced tools
@magic/bash-alias
various bash aliases for node, git, rust, and @magic. !pollutes bash namespace!
@magic/git-alias
installs useful git, node, rust, and @magic aliases.
POLLUTES THE NAMESPACE OF YOUR BASH WITH ONE AND TWO LETTER COMMANDS.
fortunately, the rest of the linux ecosystem seems to be smart enough not to do that too often.
known name clashes:
- gs = ghostscript.
- ll, la, l: exist on some operating systems. should be no change in behaviour though.
installation
npm i -g @magic/bash-aliases
aliases
strings in ${} are expected cli arguments
ls
ll -> ls -alF --color
la -> ls -A --color
l -> ls -CF --color
git
ga -> git add ${...files}
gaa -> git add --all
gb -> git branch
gbb -> git checkout -b ${name}
gc -> git commit -m "message string" ${...files}
gca -> git commit --amend
gd -> git -c color.ui=always diff
gl -> git -c color.ui=always log
gp -> git push
gps -> git push --set-upstream ${remote} ${branch}
gr -> git remote -v
gra -> git remote add ${name} ${url}
grr -> git remote remove ${name},
gs -> git -c color.status=always status
gt -> git tag -a '...ARGV' -m '...ARGV'
git shortcuts
gcdocs -> git commit -m 'docs: update' ./docs"
gcdeps -> git commit -m 'deps: update' ./package.json ./package-lock.json"
gcdevdeps -> git commit -m 'devdeps: update ' ./package.json ./package-lock.json"
gclog -> git commit -m 'readme: update changelog' ./README.md"
gcread -> git commit -m 'readme: update' ./README.md"
gcbump -> git commit -m 'version: bump' ./package.json ./package-lock.json"
node
nb -> npm run build
nd -> npm run dev
nf -> npm run format
ni -> npm install
np -> npm run prod
nr -> npm run
ns -> npm start
nt -> npm test
nu -> npm update
@magic
m -> magic dev
mb -> magic build
mc -> magic clean
md -> magic dev
mp -> magic prod
ms -> magic serve
rust
cb -> cargo build
cch -> cargo check
cf -> cargo fmt -v
ci -> cargo install
cr -> cargo run
ct -> cargo test
cw -> cargo watch
cwr -> cargo watch -x run
changelog
0.0.1
first release
0.0.2
add colors to directory listings.
0.0.3
- update git commit messages
- fix docs
0.0.4
- rename cc to cch to prevent name clash.
- add gt => git tag -a $1 -m $1
0.0.5
bump required node version to 14.2.0
0.0.6
- bump required node version to 14.15.4
- update dependencies
0.0.7
gcdocs: "git add docs" before comitting
0.0.8
- update dependencies
- add nr -> npm run, but do not alias it yet -.-
0.0.9
actually add the nr bin alias to package.json
0.0.10
...
FAQs
various bash aliases for node, git, rust, and @magic. !pollutes bash namespace!
We found that @magic/bash-alias demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 24 Sep 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025