
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@stora-sh/cli
Advanced tools
Stora CLI — compliance scans, screenshots, ASO, submission status for iOS + Android from your terminal
Stora's CLI. Compliance scans, screenshots, ASO metadata, and submission status — for iOS + Android, from your terminal and CI.
Stora is the post-code layer. Your IDE writes code;
storahandles everything downstream.
npm install -g @stora-sh/cli
# or, run once
npx @stora-sh/cli --help
Get an API key at https://stora.sh/settings/api-keys (keys start with sk_stora_).
# option 1 — persist (stored 0600 at ~/.config/stora/credentials.json)
stora login --api-key sk_stora_…
# option 2 — env var, wins over the saved file
export STORA_API_KEY=sk_stora_…
For self-hosted or local dev against a Stora Next.js dev server:
stora login --api-key sk_stora_… --base-url http://localhost:3000/api/v1
# or
export STORA_BASE_URL=http://localhost:3000/api/v1
stora init # scaffold .stora.yml + .github/workflows/stora-check.yml
stora projects list # list projects accessible to your key
stora projects get <projectId>
stora check <projectId> # run compliance, poll, exit non-zero if score < threshold
stora check --all-projects # agency pattern — scan every accessible project
stora check:results <projectId> <scanId>
stora screenshots list <projectId>
stora screenshots generate <projectId> --device iphone-16-pro --target-store apple
stora screenshots get <projectId> <collectionId> --json
stora metadata get <projectId>
stora metadata set <projectId> --ios-subtitle "Ship faster" --ios-keywords "mobile,dev,tools"
stora status <projectId>
stora submit <projectId> --store app-store --platform ios --yes
stora whoami
stora logout
Every command that reads data supports --json for piping into other tools.
0 — success1 — user error (missing auth, bad arg, API error)2 — compliance scan completed below the --threshold score (default 80)stora check in GitHub Actionsstora init drops a starter workflow at .github/workflows/stora-check.yml. Add STORA_API_KEY to your repo secrets and edit the workflow to pass your Stora project id:
- name: Run compliance check
env:
STORA_API_KEY: ${{ secrets.STORA_API_KEY }}
run: stora check proj_abc123 --threshold 85
The job fails the PR if score falls below --threshold.
stora submit wraps the historical /api/v1/.../submit route, which is bookkeeping only — it records a local submissions row but does not transmit your app to App Store Connect or Google Play. For real App Store submission, use the Stora dashboard (or call /api/apple/submit-for-review directly). Google Play write-path via v1 is not yet implemented.
The CLI warns you every time and requires --yes to proceed so nobody gets surprised.
npm install
npm run build
npm test
MIT
FAQs
Stora CLI — compliance scans, screenshots, ASO, submission status for iOS + Android from your terminal
The npm package @stora-sh/cli receives a total of 4 weekly downloads. As such, @stora-sh/cli popularity was classified as not popular.
We found that @stora-sh/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.