
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@percy/env
Advanced tools
This package provides various CI/CD support for Percy by coalescing different environment variables into a common interface for consumption by `@percy/client`.
This package provides various CI/CD support for Percy by coalescing different environment variables
into a common interface for consumption by @percy/client.
Auto-detected based on environment variables that the CI provider sets during a build.
Kubernetes-native pipelines do not inject provider-identifying environment variables into step containers by default. To enable Percy detection on these systems, expose the following variables via template substitution in your pipeline definition.
steps:
- name: percy
image: node:20
env:
- name: TEKTON_PIPELINE_RUN # required — triggers detection
value: "$(context.pipelineRun.name)"
- name: TEKTON_COMMIT_SHA
value: "$(params.commit-sha)"
- name: TEKTON_BRANCH
value: "$(params.branch)"
- name: TEKTON_PULL_REQUEST # optional
value: "$(params.pr-number)"
- name: percy
container:
image: node:20
env:
- name: ARGO_WORKFLOW_NAME # required — triggers detection
value: "{{workflow.name}}"
- name: ARGO_WORKFLOW_UID # recommended — used as parallel nonce
value: "{{workflow.uid}}"
- name: ARGO_COMMIT_SHA
value: "{{workflow.parameters.commit-sha}}"
- name: ARGO_BRANCH
value: "{{workflow.parameters.branch}}"
- name: ARGO_PULL_REQUEST # optional
value: "{{workflow.parameters.pr-number}}"
Vercel exposes its VERCEL_* system environment variables to the build step only
when Automatically expose System Environment Variables is enabled on the project
(Settings → Environment Variables). Percy also needs PERCY_PARALLEL_TOTAL=-1
set in the project environment for the parallel nonce to populate from
VERCEL_DEPLOYMENT_ID — otherwise reruns of the same deploy will create separate
Percy builds instead of deduping.
The following variables may be defined to override the respective derived CI environment variables.
PERCY_COMMIT # build commit sha
PERCY_BRANCH # build branch name
PERCY_PULL_REQUEST # associated PR number
PERCY_PARALLEL_NONCE # parallel nonce unique for this CI workflow
PERCY_PARALLEL_TOTAL # total number of parallel shards
Additional Percy specific environment variable may be set to control aspects of your Percy build.
PERCY_TARGET_COMMIT # percy target commit sha
PERCY_TARGET_BRANCH # percy target branch name
PERCY_PARTIAL_BUILD # if this build was marked as partial
environment.jsFAQs
This package provides various CI/CD support for Percy by coalescing different environment variables into a common interface for consumption by `@percy/client`.
The npm package @percy/env receives a total of 331,145 weekly downloads. As such, @percy/env popularity was classified as popular.
We found that @percy/env demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.