
@studyportals/bestfit-shared
BestFit-Shared is part of the BestFit codebase
Shared code used by the individual parts of the larger BestFit tool, which considers several categories to judge how well a study fits.
As of January 2019, BestFit-Shared has been switched from a git submodule to an npm package, so all the usual good practices for npm packages apply to BestFit-Shared as well.
Depending on the changes you want to implement, you might work with BestFit-Shared alone, with AdmissionChance-Answer and BestFit-Shared together, or with all of the BestFit-related FE repositories at the same time.
When you work on any of the FE microservices together with BestFit-Shared, BestFit-Shared needs to be on the right version not only for your local deployment but also for the end-to-end tests that run inside pull requests.
Therefore, when you first open a pull request in any of the FE microservice repositories, install BestFit-Shared from the branch you have open, like this:
npm install git+ssh://github.com/studyportals/bestfit-shared.git#ua-my-branch --save
This way you can pull in the latest changes to the package without bumping it to a new version. Travis will not be able to run the end-to-end tests, though, because it does not have access to fetch the branch directly from GitHub. For developing and verifying your new changes, installing the most recent changes this way works nicely.
Then, once your version of BestFit-Shared works as it should and you are ready to wrap up and merge all your changes in the repositories you are working on to develop, bump the BestFit-Shared version and merge your changes for this package. Inside the FE microservices, replace the BestFit-Shared branch reference with the new latest version, and that's it.
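The branch install above is a temporary, mutable dependency spec that must be swapped back for a published version before merging. The following Node.js script is an added example (not part of the BestFit-Shared README or codebase) that scans a package.json for git-based dependency specs and flags any that point at a branch or tag rather than a commit; the package.json content it checks is constructed for the example.

```javascript
// Added example: pre-merge check for dependencies still installed from git.
// Detects npm git specs (git+ssh://, git+https://, github:, owner/repo#ref, ...)
// and reports whether the ref after '#' is an immutable 40-hex commit or a
// mutable branch/tag name such as the "#ua-my-branch" install described above.

const GIT_HOSTED = /^(git(\+ssh|\+https?|\+file)?:\/\/|(github|gitlab|bitbucket|gist):)/i;
const SHORTHAND = /^[\w.-]+\/[\w.-]+(#.*)?$/; // npm's "owner/repo[#ref]" GitHub shorthand
const COMMIT_SHA = /^[0-9a-f]{40}$/i;

function isGitSpec(spec) {
  return GIT_HOSTED.test(spec) || SHORTHAND.test(spec);
}

// Returns every git-based dependency with its ref and whether it is pinned.
function findGitDependencies(pkg) {
  const found = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (typeof spec !== 'string' || !isGitSpec(spec)) continue;
      const hash = spec.indexOf('#');
      const ref = hash === -1 ? '' : spec.slice(hash + 1);
      found.push({ field, name, spec, ref, pinned: COMMIT_SHA.test(ref) });
    }
  }
  return found;
}

// Only the entries that still need replacing before merging to develop.
function unpinnedGitDependencies(pkg) {
  return findGitDependencies(pkg).filter((d) => !d.pinned);
}

// Constructed sample package.json (not a real FE microservice manifest).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-fe-microservice',
  dependencies: {
    '@studyportals/bestfit-shared': 'git+ssh://github.com/studyportals/bestfit-shared.git#ua-my-branch',
    'lodash': '^4.17.21',
    'some-fork': 'github:example-org/some-fork#0123456789abcdef0123456789abcdef01234567',
  },
  devDependencies: { 'jest': '^29.0.0' },
});

for (const d of findGitDependencies(JSON.parse(SAMPLE_PACKAGE_JSON))) {
  const status = d.pinned ? 'ok   (pinned to a commit)' : 'WARN (mutable ref; replace with a published version before merging)';
  console.log(`${d.field}.${d.name} -> ${d.spec}\n  ${status}`);
}
```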