@omlet/cli
Omlet (https://omlet.dev) is a component analytics tool that uses a CLI to scan your codebase to detect components and their usage. Get real usage insights from customizable charts to measure adoption across all projects and identify opportunities to improve your components.
To learn more about Omlet and how to use it, check out our documentation.
$ npm i --save-dev @omlet/cli
npx omlet login
To start the component analysis, navigate to the root of the repo you wish to scan and run the Omlet CLI:
npx omlet init
Follow the link in the CLI to take you to the Omlet Web App at feta.omlet.dev and view your analytics dashboard. Check out our docs on how to get started with insights from Omlet: https://docs.omlet.dev/getting-started/getting-insights-with-omlet
If you have multiple repositories, you can scan them into the same Omlet workspace and it will automatically correlate components defined in one repo that are used in another. No duplicate components or double counting of usage!
To scan a new repo, add @omlet/cli as a dependency like before and run:
npx omlet analyze
You might need to define a configuration file in your repository if:
If you require extra configuration, create a new file named .omletrc.js at the root of your repository and follow the instructions in the Omlet docs.
Omlet supplies sensible default configurations to ignore certain files such as Storybook stories documentation or test files.
**/node_modules/**
**/*.d.ts
**/stories/**/*
**/.storybook/**/*
**/*.stories.{jsx,tsx,js,ts}
**/*.{spec,test}.{jsx,tsx,js,ts}
**/{__test__,tests}/**/*.{jsx,tsx,js,ts}
To exclude more glob patterns, add the "ignore" array to your .omletrc.js config:
{
  "ignore": [
    "**/test_folder/**",
    "**/another_test_folder/**"
  ]
}
You can also pass a glob pattern to the --ignore option in the analyze CLI command to filter out directories, files, or components you do not want to track. The --ignore option can be passed multiple times for multiple patterns, e.g.
--ignore 'glob/one/' --ignore 'glob/two/'
Omlet is a product developed and provided by Zeplin, Inc. which has SOC 2 Type II attestation. For Omlet, we implement the same security controls as the rest of the Zeplin ecosystem. For more details, please head to the Security page in the Omlet docs.
Omlet detects and tracks only the components that are defined and exported from JS/TS modules. Local components, which are components used within the same module that are not exported, are not surfaced in Omlet.
In the example below, only ExportedButton will be tracked and reported in Omlet because it is defined and exported. Button is a local component used only within the button.tsx module, so it is excluded from the scanned results.
function Button() {
  // ...
}
export function ExportedButton() {
  // ...
  return <Button/>;
}
Omlet detects and counts the unique usage of each component. If a component is used multiple times within the same component, Omlet considers it as a single usage.
In the given example, there are multiple instances of ListItem within ListView but Omlet will count this as a single usage of ListItem.
Using the same example below, Omlet will also recognize that ListView is using Button indirectly through a local component ListButton. However, ListButton will not appear in the results.
import Button from "./Button";
import ListItem from "./ListItem";
function ListButton() {
  // ...
  return <Button/>;
}
export function ListView() {
  // ...
  return (
    <div>
      <div><ListItem/></div>
      ...
      <div><ListItem/></div>
      <div><ListButton/></div>
    </div>
  );
}
Omlet never collects, stores or uploads your code. The scanning process is always done locally using the Omlet CLI available for download via NPM. Only metadata is collected. As a user, you have full control over what code Omlet will scan by choosing which repository it should scan. You also have the option to limit scanning to certain files or directories.
Regarding metadata, Omlet collects:
For troubleshooting purposes, other metadata we collect are:
Omlet CLI has an option to generate the output locally which you can use to inspect the data. You can do this by running:
omlet analyze --dry-run
This will generate a local file omlet.out.json with the scanned output that is normally uploaded to Omlet's Web app. When using --dry-run, the results are never uploaded.
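One way to act on the --dry-run inspection described above, as an added example that is not part of the Omlet README or the Omlet CLI: a schema-agnostic walker that flags strings in omlet.out.json that look like more than metadata. The thresholds, patterns and the sample's field names are assumptions, since this page does not document the file's layout.

```javascript
// Added example: schema-agnostic audit of the --dry-run output before upload.
// The layout of omlet.out.json is not documented on this page, so nothing
// below depends on specific field names.
const MAX_LEN = 300; // assumption: metadata strings are short

// Heuristics for content that is not plain metadata.
const CHECKS = [
  ["multi-line string (possible source snippet)", (s) => /\n/.test(s)],
  [`string longer than ${MAX_LEN} chars`, (s) => s.length > MAX_LEN],
  ["private key header", (s) => /-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(s)],
  ["credential-like assignment", (s) => /\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*\S+/i.test(s)],
  ["absolute home path (leaks local username)", (s) => /^(\/home\/|\/Users\/|[A-Za-z]:\\Users\\)/.test(s)],
];

// Walk any JSON value and return [{ path, reason }] for every string hit.
function auditValue(value, path = "$", findings = []) {
  if (typeof value === "string") {
    for (const [reason, hit] of CHECKS) {
      if (hit(value)) findings.push({ path, reason });
    }
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => auditValue(v, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      auditValue(k, `${path}.<key ${JSON.stringify(k)}>`, findings); // keys can hold paths too
      auditValue(v, `${path}.${k}`, findings);
    }
  }
  return findings;
}

// Load a dry-run file and audit it; dynamic import works in CJS and ESM.
async function auditFile(file = "omlet.out.json") {
  const { readFile } = await import("node:fs/promises");
  return auditValue(JSON.parse(await readFile(file, "utf8")));
}

// Constructed sample, NOT real Omlet output (field names are made up).
const SAMPLE = {
  components: [
    { name: "ExportedButton", file: "src/button.tsx" },
    { name: "ListView", file: "/Users/alice/repo/src/list.tsx" },
    { name: "Leaky", note: "function Leaky() {\n  return null;\n}" },
  ],
  env: { npmrc: "token = abc123" },
};

for (const f of auditValue(SAMPLE)) console.log(`${f.path}: ${f.reason}`);
```

Call auditFile() from the directory that holds omlet.out.json after running omlet analyze --dry-run. An empty result means none of these heuristics fired, not that the file has been proven free of sensitive content.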
FAQs
We found that @omlet/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.