Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@magijs/plugin-constraint
Advanced tools
强约束规则
开启、禁用和检查状态
开启强约束
export default {
strict: {},
};
启用额外规则
所有规则是默认开启的,但以下规则除外
FILES_ALL_TYPESCRIPT
如有需要,可通过 strict.rules 开启
export default defineConfig({
strict: {
rules: {
FILES_ALL_TYPESCRIPT: true,
},
},
});
规则禁用
原则上不允许禁用规则
检查开启禁用状态
执行 magi constraint 命令
规则列表
DEP_MAGI_LATEST
magi 版本不允许写死,只能使用 ^ 前缀。
// bad
"@magi/magi": "1.0.0"
// still bad
"@magi/magi": "~1.0.0"
// good
"@magi/magi": "^1.0.0"
如果出于某些原因使用了 beta 版,也需使用 ^ 前缀保证正式版发布后能自动匹配到。
// bad
"@magi/magi": "1.0.0-beta.1"
// good
"@magi/magi": "^1.0.0-beta.1"
"@magi/magi": "^1.0.0-0"
FAQs
## 开启、禁用和检查状态
We found that @magijs/plugin-constraint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 24 Dec 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding - Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding - Dec 11, 2025