
@tophat/commitlint-config
Top Hat's shareable configuration for commitlint
Using Yarn:
yarn add @tophat/commitlint-config --dev
Or using npm:
npm install @tophat/commitlint-config --save-dev
Make sure you have commitlint set up in your repo.
Create a file called commitlint.config.js and add the following snippet to it:
    module.exports = {
      extends: ['@tophat/commitlint-config']
    }
[Optional] Create a pre-commit hook using husky to enforce automatic linting for every commit by adding this to your package.json file:
    {
      "husky": {
        "hooks": {
          "commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
        }
      }
    }
Git hooks can get parameters via command-line arguments and stdin. Husky makes them accessible to commitlint via HUSKY_GIT_PARAMS.
The following rules are considered problems for @tophat/commitlint-config and will yield a non-zero exit code when not met.
condition: type is found in value
rule: always
value:
    [
      'wip',
      'feat',
      'fix',
      'cr',
      'style',
      'refactor',
      'perf',
      'docs',
      'test',
      'revert',
      'build',
      'ci',
      'chore',
    ]
Examples
echo "foo: some message" # fails
echo "fix: some message" # passes
condition: header has value or less characters
rule: always
value: 72
Examples
echo "fix: some message that is way too long and breaks the line max-length by several characters" # fails
echo "fix: some message" # passes
condition: subject is empty
rule: never
Examples
echo "fix:" # fails
echo "fix: some message" # passes
condition: type is in case value
rule: always
value: 'lower-case'
Examples
echo "FIX(scope): some message" # fails
echo "fix(scope): some message" # passes
condition: type is empty
rule: never
Examples
echo ": some message" # fails
echo "fix: some message" # passes
The following rules are considered warnings for @tophat/commitlint-config. Commitlint will pass but generate warnings if these conditions are not met.
condition: body begins with blank line
rule: always
condition: footer begins with blank line
rule: always
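As an added illustration (not code from @tophat/commitlint-config or from commitlint itself), the sketch below applies the header rules and the body warning listed above to a raw commit message, so the pass/fail examples can be reproduced without installing anything. The checkCommit name, the header regex and the result strings are assumptions; the footer warning is left out because locating a footer needs commitlint's own parser.

```javascript
// Added example: mirrors the rules listed on this page; not commitlint's parser.
const TYPES = ['wip', 'feat', 'fix', 'cr', 'style', 'refactor', 'perf',
  'docs', 'test', 'revert', 'build', 'ci', 'chore'];
const MAX_HEADER = 72;

// Assumed header shape: "type(scope): subject", with the scope optional.
const HEADER_RE = /^(\w*)(?:\(([^)]*)\))?:\s?(.*)$/;

function checkCommit(message) {
  const problems = [];   // would make the hook exit non-zero
  const warnings = [];   // reported, but the commit still passes
  const lines = message.split('\n');
  const header = lines[0];
  const m = HEADER_RE.exec(header);
  // A header without "type:" leaves both type and subject empty.
  const type = m ? m[1] : '';
  const subject = m ? m[3].trim() : '';

  if (header.length > MAX_HEADER) {
    problems.push('header longer than 72 characters');
  }
  if (type === '') {
    problems.push('type is empty');
  } else {
    // An upper-case type trips both the case rule and the allowed-list rule.
    if (type !== type.toLowerCase()) problems.push('type is not lower-case');
    if (!TYPES.includes(type)) problems.push('type is not in the allowed list');
  }
  if (subject === '') problems.push('subject is empty');

  // Warning only: a body must be separated from the header by a blank line.
  if (lines.length > 1 && lines[1].trim() !== '') {
    warnings.push('body does not begin with a blank line');
  }
  return { ok: problems.length === 0, problems, warnings };
}
```

Note that "FIX(scope): some message" is reported twice here, once for case and once for the allowed list, since the list contains only lower-case entries.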
FAQs
Top Hat's config for commitlint
The npm package @tophat/commitlint-config receives a total of 472 weekly downloads. As such, @tophat/commitlint-config popularity was classified as not popular.
We found that @tophat/commitlint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.