Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@slack/cli-hooks
Advanced tools
Node implementation of the contract between the Slack CLI and Bolt for JavaScript
The @slack/cli-hooks
package contains scripts that implement the contract
between the Slack CLI and Bolt for JavaScript.
This library enables inter-process communication between the Slack CLI and applications built with Bolt for JavaScript.
When used together, the CLI delegates various tasks to the Bolt application by
invoking processes ("hooks") and then making use of the responses provided by
each hook's stdout
.
For a complete list of available hooks, read the Supported Hooks section.
This package supports Node v18 and higher. It's highly recommended to use the latest LTS version of Node.
An updated version of the Slack CLI is also encouraged while using this package.
Add this package as a development dependency for your project with the following command:
$ npm install --save-dev @slack/cli-hooks
Follow the installation guide to download the Slack CLI and easily run the scripts included in this package.
A Slack CLI-compatible Slack application includes a slack.json
file that
contains hooks specific to that project. Each hook is associated with commands
that are available in the Slack CLI. By default, get-hooks
retrieves all of
the supported hooks and their corresponding scripts as defined in
this package.
The CLI will try to use the version of the @slack/cli-hooks
specified in your
application's package.json
. The hooks in this package are automatically added
to the ./node_modules/.bin
directory of your application when this package is
installed.
The hooks that are currently supported for use within the Slack CLI include
check-update
, doctor
, get-hooks
, get-manifest
, and start
:
Hook Name | CLI Command | File | Description |
---|---|---|---|
check-update | slack update | check-update.js | Checks the project's Slack dependencies to determine whether or not any packages need to be updated. |
doctor | slack doctor | doctor.js | Returns runtime versions and other system dependencies required by the application. |
get-hooks | All | get-hooks.js | Fetches the list of available hooks for the CLI from this repository. |
get-manifest | slack manifest | get-manifest.js | Converts a manifest.json file into a valid manifest JSON payload. |
start | slack run | start.js | While developing locally, the CLI manages a socket connection with Slack's backend and utilizes this hook for events received via this connection. |
To customize the behavior of a hook, add the hook to your application's
slack.json
file and provide a corresponding script to be executed.
When commands are run, the Slack CLI will look to the project's hook definitions and use those instead of what's defined in this library, if provided. Only supported hooks will be recognized and executed by the Slack CLI.
Below is an example slack.json
file that overrides the default start
hook:
{
"hooks": {
"get-hooks": "NODE_NO_WARNINGS=1 npx -q --no-install -p @slack/cli-hooks slack-cli-get-hooks",
"start": "npm run dev"
}
}
Sometimes the hook scripts are installed globally and might not be automatically
updated. To determine the source of these scripts, check the node_modules/.bin
directory of your project then run the following command:
$ which npx slack-cli-get-hooks # macOS / Linux
C:\> where.exe npx slack-cli-get-hooks # Windows
These hooks can be safely removed and reinstalled at your application directory to ensure you're using the correct version for your project.
If you get stuck, we're here to help. The following are the best ways to get assistance working through your issue:
developers@slack.com
FAQs
Node implementation of the contract between the Slack CLI and Bolt for JavaScript
The npm package @slack/cli-hooks receives a total of 16 weekly downloads. As such, @slack/cli-hooks popularity was classified as not popular.
We found that @slack/cli-hooks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.