Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@nutui/carefree
Advanced tools
npm install @jd/jnpm -g --registry=http://registry.m.jd.com
jnpm i -D @jdcfe/carefree
webpack
配置文件中引入const Carefree = require('@jdcfe/carefree');
plugins: [
new Carefree({
upload: false,
publicPath: '//page.jd.com/exploit/360assessment_m/',
qrcodeUrl: 'http://page.jd.com/exploit/360assessment_m/index.html',
ftp: {
host: '192.168.181.73',
port: 3000,
username: 'user',
password: 'user',
source: 'dist',
target: '/var/www/html/page.jd.com/exploit/carefree-test/1.0.5'
},
// ssh: {
// host: '192.168.182.85',
// port: 1234,
// username: 'carefree',
// password: 'carefree',
// source: 'dist',
// target: '/carefree-test'
// }
})
]
package.json
中添加scripts
,carefree-dev
和carefree-build
可直接替换原来的dev
、build
和upload
(dev
、build
和upload
可根据实际情况修改)// package.json
scripts: {
...
"carefree-dev": "cross-env NODE_ENV=carefree carefree_env=dev webpack -w --colors --progress",
"carefree-build": "cross-env carefree_env=build npm run upload",
...
}
carefree
,可在脚本里修改carefree_env
为cross-env carefree_env=stop
carefree
后,我们会在webpack
构建后,将build
后的所有静态资源增量上传至配置好的服务器上,
这样就可以不依赖wifi热点,直接在手机上访问相关页面进行调试和预览;ssh
与ftp
两种上传方式;upload
设置为false
将只打印二维码,不上传静态资源;devtool
以减小上传文件的体积,需要时可以设置为webpack
的devtool
配置;参数 | 说明 | 默认值 | 是否必填 |
---|---|---|---|
upload | 是否上传 | true | 否 |
devtool | 参考webpack的devtool配置 | false | 否 |
publicPath | 同webpackConfig.output.publicPath | - | 是 |
qrcodeUrl | 扫二维码后跳转的地址 | publicPath + 'index.html' | 否 |
ftp.host | 服务器ip | -- | 是 |
ftp.port | 服务器 | -- | 是 |
ftp.source | 待上传的目录 | -- | 是 |
ftp.target | 服务器端的项目目录 | -- | 是 |
ftp.username | 服务器用户名 | -- | 是 |
ftp.password | 服务器密码 | -- | 是 |
ssh[option] | 同ftp相关配置项 | -- | 是 |
FAQs
A H5 debugging tool independent of wifi hotspots
The npm package @nutui/carefree receives a total of 7 weekly downloads. As such, @nutui/carefree popularity was classified as not popular.
We found that @nutui/carefree demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.