
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@percy/config
Advanced tools
Handles loading and adding options to Percy configuration files. Uses [cosmiconfig](https://github.com/davidtheclark/cosmiconfig) to load configuration files and [JSON schema](https://json-schema.org/) with [AJV](https://github.com/epoberezkin/ajv) to val
Handles loading and adding options to Percy configuration files. Uses cosmiconfig to load configuration files and JSON schema with AJV to validate those configuration files.
The .load() method will load and validate a configuration file, optionally merging it with any
provided overrides. If no path is provided, will search for the first supported config found
from the current directory up to the home directory. Configuration files are cached and reused unless
reload is true.
import PercyConfig from '@percy/config'
// loading is done synchronously
const config = PercyConfig.load(options)
path — Config file path or directory containing a config fileoverrides — Config option overridesreload — Do not use cached config (default false)bail — Return undefined when failing validation (default false)print — Print info and error logs (default false)"percy" entry in package.json.percyrc YAML or JSON file.percy.json JSON file.percy.yaml or .percy.yml YAML file.percy.js or percy.config.js file that exports an objectThe .addSchema() function will add a sub-schema to the Percy configuration file which will be
parsed and validated when PercyConfig.load() is called. See JSON
schema for possible schema options.
import PercyConfig from '@percy/config'
PercyConfig.addSchema({
propertyName: JSONSchema
})
The `config` package is a configuration management tool for Node.js applications. It allows you to define configuration settings for different environments and load them dynamically. Compared to @percy/config, it is more general-purpose and not specific to visual testing.
The `convict` package provides a way to define a schema for your configuration files and validate them. It also supports environment-specific configurations and type validation. While @percy/config is tailored for Percy, `convict` is more flexible and can be used in various types of applications.
The `dotenv` package loads environment variables from a `.env` file into `process.env`. It is simpler and more lightweight compared to @percy/config, focusing on environment variable management rather than structured configuration schemas.
FAQs
Handles loading and adding options to Percy configuration files. Uses [cosmiconfig](https://github.com/davidtheclark/cosmiconfig) to load configuration files and [JSON schema](https://json-schema.org/) with [AJV](https://github.com/epoberezkin/ajv) to val
We found that @percy/config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.