Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rush-partners/ft-js-sdk
Advanced tools
This repository creates the JSDK library used to pull in our plugin architecture from FS Apps
It will follow a scheme similar to Facebook Plugins
npm install
npm run start
Create a dist folder
npm run build
This should only be done by David or Ian
Any files with a package.json file can be published on NPM
You can test your local user with
npm config ls
Versioining is an critical point of using NPM, update the version with the following commands, this will also create a tag in GIT. We will employ semantic versioning (semver) https://docs.npmjs.com/getting-started/semantic-versioning so choose the command that relates to the bump.
npm version patch
npm version minor
npm version major
To push the tags use
git push --follow-tags
Login to NPM, run the command below and enter the user and pass
npm login
Org scoping, this should already be set up but documenting
npm config set scope rush-partners --global
To publish use in the directory root with a package.json
npm publish
Remove package
npm unpublish --force
Very old source code: https://github.com/facebookarchive/facebook-js-sdk/tree/deprecated
FAQs
JS-SDK
The npm package @rush-partners/ft-js-sdk receives a total of 2 weekly downloads. As such, @rush-partners/ft-js-sdk popularity was classified as not popular.
We found that @rush-partners/ft-js-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.