@rushstack/rush-sdk
This is a companion package for the Rush tool. See the @microsoft/rush package for details.
⚠ THIS PACKAGE IS EXPERIMENTAL ⚠
The @rushstack/rush-sdk package acts as a lightweight proxy for accessing the APIs of the @microsoft/rush-lib engine. It is intended to support three different use cases:
Rush plugins should import from @rushstack/rush-sdk instead of @microsoft/rush-lib. This gives plugins full access to Rush APIs while avoiding a redundant installation of those packages. At runtime, the APIs will be bound to the correct rushVersion from rush.json, and guaranteed to be the same @microsoft/rush-lib module instance as the plugin host.
When authoring unit tests for a Rush plugin, developers should add @microsoft/rush-lib to their package.json devDependencies. In this context, @rushstack/rush-sdk will resolve to that instance for testing purposes.
For scripts and tools that are designed to be used in a Rush monorepo, in the future @rushstack/rush-sdk will automatically invoke install-run-rush.js and load the local installation. This ensures that tools load a compatible version of the Rush engine for the given branch. Once this is implemented, @rushstack/rush-sdk can replace @microsoft/rush-lib entirely as the official API interface, with the latter serving as the underlying implementation.
The @rushstack/rush-sdk API declarations are identical to the corresponding version of @microsoft/rush-lib.
Verbose logging can be turned on by setting the environment variable RUSH_SDK_DEBUG to 1.
Rush is part of the Rush Stack family of projects.
FAQs
An API for interacting with the Rush engine
We found that @rushstack/rush-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.