Security News
Feross on TBPN: How North Korea Hijacked Axios
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
By Sarah Gooding - Apr 08, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@solid-soda/scripts
Advanced tools
@solid-soda/scripts
[](https://github.com/solid-soda/scripts)
@solid-soda/scripts
Speed up the creation and maintenance of your JS applications. Zero configuration way to use modern code-quality tools.
- Zero-config. Any tool is already configured for you.
- Universal. Supports TS, React, and can be used with any tech.
- Uniform. Config can be shared (all projects have the same configs).
TL;DR
yarn dlx @solid-soda/scripts
or if you prefer npm
npx @solid-soda/scripts
Motivation
- Before start to code we must set-up ESLint, Stylelint, Prettier, Commitizen, etc. We can to automate all of this. Machines have to suffer.
- New lint rule adding is a hell. We provide the one source of true for any project. Just run
@solid-soda/scriptsin your project directory.
Usage
Just run scripts in a directory with your project.
If you use yarn@berry, just run:
yarn dlx @solid-soda/scripts
If you use npm of yarn@classic, just run:
npx @solid-soda/scripts
It will generate all configs and put it to repository. Now, you can use any provided tool.
Some scripts will be added to your package.json:
commit— runs Commitizen and allow create nice commit messagespretty— runs Prettier and format all code in the repolint:code— runs ESLint and preform static analysis of code
If you have some styles in the repo, we will add extra script:
lint:styles— runs Stylelint and preform static analysis of styles
If you want to release repo by git-tags, we will add ont more script:
release— runs Standard Version, updates CHANGELOG.md, bump version inpackage.jsonand created git-tag
Also, this library sets up lint-staged (prettify all staged files), Commitlint (check commit messages by Conventional Commits specifications) and simple-git-hooks (to run Prettier and Commitlint).
Migration guide
Upgrading from version 1.x.x, you must do one simple action: just run @solid-soda/scripts in your repository.
For example:
npx @solid-soda/scripts
Acknowledgements
This project based on mrm and setup configs for Commitizen, Commitlint, ESLint, simple-git-hooks, lint-staged, Prettier, Stylelint.
FAQs
[](https://github.com/solid-soda/scripts)
The npm package @solid-soda/scripts receives a total of 4 weekly downloads. As such, @solid-soda/scripts popularity was classified as not popular.
We found that @solid-soda/scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 12 Mar 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Attackers Are Impersonating a Linux Foundation Leader in Slack to Target Open Source Developers
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.
By Sarah Gooding - Apr 08, 2026
Research
/Security News
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentials and wallets, and enable remote access.
By Kirill Boychenko - Apr 07, 2026