@rushstack/rush-sdk
This is a companion package for the Rush tool. See the @microsoft/rush package for details.
⚠ THIS PACKAGE IS EXPERIMENTAL ⚠
The @rushstack/rush-sdk package acts as a lightweight proxy for accessing the APIs of the @microsoft/rush-lib engine. It is intended to support three different use cases:
Rush plugins should import from @rushstack/rush-sdk instead of @microsoft/rush-lib. This gives plugins full access to Rush APIs while avoiding a redundant installation of those packages. At runtime, the APIs will be bound to the correct rushVersion from rush.json, and guaranteed to be the same @microsoft/rush-lib module instance as the plugin host.
When authoring unit tests for a Rush plugin, developers should add @microsoft/rush-lib to their package.json devDependencies. In this context, @rushstack/rush-sdk will resolve to that instance for testing purposes.
For scripts and tools that are designed to be used in a Rush monorepo, in the future @rushstack/rush-sdk will automatically invoke install-run-rush.js and load the local installation. This ensures that tools load a compatible version of the Rush engine for the given branch. Once this is implemented, @rushstack/rush-sdk can replace @microsoft/rush-lib entirely as the official API interface, with the latter serving as the underlying implementation.
The @rushstack/rush-sdk API declarations are identical to the corresponding version of @microsoft/rush-lib.
Verbose logging can be turned on by setting the environment variable RUSH_SDK_DEBUG to 1.
Rush is part of the Rush Stack family of projects.
FAQs
An API for interacting with the Rush engine
We found that @rushstack/rush-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.