Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@rishabhgrg/membersjs-test
Advanced tools
@rishabhgrg/membersjs-test
Drop-in script to make the bulk of members work on any theme
Members.js
Drop-in script to make the bulk of members work on any theme
Basic Setup
- Clone this repository:
git@github.com:TryGhost/members.js.git
- Change into the new directory and install the dependencies:
cd members.js
yarn
Configure for local development
In your local Ghost setup:
- Add
rish-upstreamas remote on your local Ghost repo -
git remote add rish-upstream git@github.com:rishabhgrg/Ghost.git
- Fetch and checkout membersjs branch from the remote -
git fetch rish-upstream membersjs && git checkout membersjs
- Ensure your local Ghost is running
In this repo(Members.js):
- Run
yarn buildto create the minified bundle with your changes atumd/members.min.js
In your theme(Ex. Lyra):
- Copy
members.min.jsfrom above and paste it in your theme atassets/built/members.min.js - Add below code in your theme's
default.hbsjust above{{{block "scripts"}}}to add and initialize members script
<script src="{{asset "built/members.min.js"}}"></script>
<script>
// Pass Admin URL
var data = {
adminUrl: window.location.origin + "/ghost",
};
// Initialize members.js
window.GhostMembers.initMembersJS(data);
</script>
Available Scripts
In the project directory, you can also run:
yarn start
Runs the app in the development mode.
Open http://localhost:3000 to view it in the browser.
The page will reload if you make edits.
You will also see any lint errors in the console.
Note: You'll need to configure the local Admin API url for script initialization.
- Copy
.env.development.local.exampleto.env.development.local - Update the values to match your local dev version of Ghost
yarn build
Creates the production single minified bundle for external use in umd/members.min.js.
yarn test
Launches the test runner in the interactive watch mode.
See the section about running tests for more information.
Publish
Before shipping, please ensure the intended version is updated in package.json.
- Run
npm publish --access publicto ship the new version to npm and unpkg.- Builds the script with latest code using
yarn build(prePublish) - Publishes package on npm as
@tryghost/members-jsand creates an unpkg link for script at https://unpkg.com/@tryghost/members-js@VERSION
- Builds the script with latest code using
Learn More
This project was bootstrapped with Create React App. You can learn more in the Create React App documentation.
Copyright & License
Copyright (c) 2020 Ghost Foundation - Released under the MIT license.
FAQs
Drop-in script to make the bulk of members work on any theme
We found that @rishabhgrg/membersjs-test demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025