Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@serverless/cli

Package Overview
Dependencies
Maintainers
6
Versions
76
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@serverless/cli - npm Package Compare versions

Comparing version
1.5.2
 to
1.5.3
+34
.github/workflows/integrate.yml
# main only
name: Integrate
on:
push:
branches: [master]
env:
FORCE_COLOR: 1
jobs:
tagIfNewVersion:
name: Tag if new version
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# Ensure to have complete history of commits pushed with given push operation
# It's loose and imperfect assumption that no more than 30 commits will be pushed at once
fetch-depth: 30
# Tag needs to be pushed with real user token, otherwise pushed tag won't trigger the actions workflow
# Hence we're passing 'serverless-ci' user authentication token
token: ${{ secrets.USER_GITHUB_TOKEN }}
- name: Tag if new version
if: github.event.before != '0000000000000000000000000000000000000000' # Skip on first commit
run: |
NEW_VERSION=`git diff -U0 ${{ github.event.before }} package.json | grep '"version": "' | tail -n 1 | grep -oE "[0-9]+\.[0-9]+\.[0-9]+"` || :
if [ -n "$NEW_VERSION" ];
then
git tag v$NEW_VERSION
git push --tags
fi
+41
.github/workflows/publish.yml
# Version tags only
name: Publish
on:
push:
tags:
- v[0-9]+.[0-9]+.[0-9]+
jobs:
publish:
name: Publish
runs-on: ubuntu-latest
env:
# It'll work with secrets.GITHUB_TOKEN (which is provided by GitHub unconditionally)
# Still then release author would be "github-actions"
GITHUB_TOKEN: ${{ secrets.USER_GITHUB_TOKEN }}
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Retrieve dependencies from cache
uses: actions/cache@v2
with:
path: |
~/.npm
node_modules
key: npm-v14-${{ runner.os }}-refs/heads/master-${{ hashFiles('package.json') }}
- name: Install Node.js and npm
uses: actions/setup-node@v1
with:
node-version: 14.x
registry-url: https://registry.npmjs.org
- name: Publish new version
# Note: Setting NODE_AUTH_TOKEN as job|workspace wide env var won't work
# as it appears actions/setup-node sets own value
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish
+43
.github/workflows/validate.yml
# PR's only
name: Validate
on:
pull_request:
branches: [master]
env:
FORCE_COLOR: 1
jobs:
linuxNode14:
name: '[Linux] Node.js v14: Lint'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Retrieve dependencies from cache
id: cacheNpm
uses: actions/cache@v2
with:
path: |
~/.npm
node_modules
key: npm-v14-${{ runner.os }}-${{ github.ref }}-${{ hashFiles('package.json') }}
restore-keys: |
npm-v14-${{ runner.os }}-${{ github.ref }}-
npm-v14-${{ runner.os }}-refs/heads/master-
- name: Install Node.js and npm
uses: actions/setup-node@v1
with:
node-version: 14.x
- name: Install dependencies
if: steps.cacheNpm.outputs.cache-hit != 'true'
run: |
npm update --no-save
npm update --save-dev --no-save
- name: Validate ESLint rules
run: npm run lint
+2
-3
package.json
{
"name": "@serverless/cli",
"version": "1.5.2",
"version": "1.5.3",
"description": "Serverless Components CLI",

@@ -13,3 +13,2 @@ "main": "./src/index.js",

"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"lint": "eslint . --fix --cache"

@@ -30,3 +29,3 @@ },

"prettyoutput": "^1.2.0",
"strip-ansi": "^5.2.0"
"strip-ansi": "^6.0.1"
},

@@ -33,0 +32,0 @@ "devDependencies": {