Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@vicinity/eslint-config-vcx
Advanced tools
@vicinity/eslint-config-vcx
eslintrc as an extensible shared config for vicinity projects
Usage
Add as npm dependency
yarn add @vicinity/eslint-config-vcx -D
NOTE to use private npm registry you have to be logged in with npm login
ESlint
Create an .eslintrc.json file at the root of your project
{
"extends": "@vicinity/eslint-config-vcx"
}
Release
To automate the release process and simplify CI, we use the
the Angular commit message convention which is also the default commit message convention for semantic-release. Please ensure you follow the guidelines.
How it works?
A new release happens when the master branch builds successfully and there's a formatted commit message that should trigger a semantic version change. A Git tag is created, a GitHub release is created and the package is published to NPM under the new semantic version.
Committing
We use commitlint for commit linting, and husky for Git hooks to prevent bad git commit & git push (specifically, the commit-msg hook.
Take a look at the git history (git log) to get the gist of it.
If you'd like to get some CLI assistance for the commit message format:
npm install
npm run commit
The npm run commit script triggers a helpful commit message CLI (the commitlint cli package)
NOTE: If you're unsure of the options available when running this command you can type in help to see a list of options.
Publishing
The process of creating git tag, updating [CHANGELOG.md, package.json , package-lock.json] and publishing to NPM is fully automated in Buildkite.
For each new commit added to the release branch (master) with git push or by merging a pull request, a CI build is triggered in Buildkite and runs the semantic-release command to make a release if there are codebase changes since the last release that affect the package functionalities.
How to delete a tag
You may need to do this in the case that the release in BuildKite doesn't work or you accidentally create the tag on your local machine
Delete broken tag:
delete local tag 'X.Y.Z'
git tag -d "X.Y.Z"
delete remote tag 'X.Y.Z'
You will only need to run this if the tag created was pushed to the remote repository
git push origin :refs/tags/X.Y.Z
FAQs
eslintrc as an extensible shared config for vicinity projects
We found that @vicinity/eslint-config-vcx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 14 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025