Security News
Scaling Socket from Zero to 10,000+ Organizations
Socket CEO Feross Aboukhadijeh shares lessons from scaling a developer security startup to 10,000+ organizations in this founder interview.
By Sarah Gooding -  Dec 02, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@powercord/simple-git-wasm
Advanced tools
@powercord/simple-git-wasm
A (relatively) small node library to clone and pull git repositories in a standalone manner thanks to libgit2, powered by WebAssembly and Emscripten
simple-git-wasm
A (relatively) small node library to clone and pull git repositories in a standalone manner thanks to libgit2, powered by WebAssembly and Emscripten.
Made to be used as part of the Powercord built-in updater. Despite the set purpose, the lib can be used by anyone who wishes to if it fits their use case.
Why?
Not happy with the solutions I had. isomorphic-git is a HEAVY beast, and wasm-git is too raw for me, me like some syntax sugar. Makes my software sweeter. It also doesn't support things it cannot support because of its target (I only care about Node, so I can make different design choices).
Usage
Installation:
[pnpm | yarn | npm] i @powercord/simple-git-wasm
Clone a repository
Note: Submodules will be cloned as well.
const sgw = require('@powercord/simple-git-wasm')
try {
await sgw.clone('https://github.com/powercord-org/simple-git-wasm', './sgw')
} catch (e) {
console.error('An error occurred while cloning the repository!')
}
Pull a repository
Note: Submodules will be updated if necessary.
const sgw = require('@powercord/simple-git-wasm')
try {
await sgw.pull('./sgw')
} catch (e) {
console.error('An error occurred while pulling the repository!')
}
Check for updates (new commits)
const sgw = require('@powercord/simple-git-wasm')
try {
const updates = await sgw.listUpdates('./sgw')
console.log(updates)
// ~> [
// ~> { id: 'abcdef.....', message: 'This is the newest commit', author: 'Cynthia' },
// ~> { id: 'abcdef.....', message: 'This is a new commit', author: 'Cynthia' },
// ~> { id: 'abcdef.....', message: 'This is the oldest new commit', author: 'Cynthia' },
// ~> ]
} catch (e) {
console.error('An error occurred while pulling the repository!')
}
Notes
The following PRs are required for this to work:
- https://github.com/libgit2/libgit2/pull/5935
- https://github.com/emscripten-core/emscripten/pull/14722
I (Cynthia) patched my Emscripten installation to strip things not needed but included in the final build.
- https://github.com/emscripten-core/emscripten/issues/11805 (patch in the comments)
FAQs
A (relatively) small node library to clone and pull git repositories in a standalone manner thanks to libgit2, powered by WebAssembly and Emscripten
We found that @powercord/simple-git-wasm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 27 Jul 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks
Socket Threat Research maps a rare inside look at OtterCookie’s npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean operators.
By Kirill Boychenko -  Nov 26, 2025
Research
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an attacker wallet.
By Kush Pandya -  Nov 25, 2025