Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@purple/lerna-smart-run
Advanced tools
Lerna add-on for only running npm scripts for packages changed since previous branch-based tag
Lerna add-on for only running npm scripts for packages changed since previous tag
This package is a glorified wrapper around ordinary lerna run <script>
commands,
but it implements a system to control the order of execution and an automated, opionated
tagging system (based on git branches) that takes advantage of lerna's --since
option.
This package is intended for use in CI and CD pipelines, especially where sequential deploys are necessary, i.e., where one serverless resource needs to be deployed before the rest.
Invoke with smartRun <npm script>
, where <npm script>
is a script from the
scripts
section of the package.json
of one of your lerna packages.
Pass --tagOnSuccess
to generate a tag from the successful execution of the smart run.
This tag will be used on the following execution.
Pass --deleteTagOnSuccess
to delete the previous tag on the successful execution of
the smart run. If there was no previous tag this has no effect.
Since command is mostly just a wrapper, see https://www.npmjs.com/package/@lerna/filter-options for more available flags.
This package is in an early, experimental stage, and is likely to change dramatically between different versions.
FAQs
Lerna add-on for only running npm scripts for packages changed since previous branch-based tag
The npm package @purple/lerna-smart-run receives a total of 0 weekly downloads. As such, @purple/lerna-smart-run popularity was classified as not popular.
We found that @purple/lerna-smart-run demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 16 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.