@zengenti/contensis-react-base
- `npm install` - install dependencies so we can use the application
- `npm start` - start the application in development mode
- `npm run storybook` - start storybook in development mode
- `npm run build` - build the application into production-ready client and server-side bundles
- `npm run server` - start the application server the same as if it were deployed in production
- `npm run build && npm run dev:server` - build the application and start the server-side application from source code (allowing us to connect a debugger and stop on code that is executed server-side)

There is also a README in the webpack folder that goes into detail on using multiple environments for a project and setting variables as part of launching the application.
We are using feature branches on this project. If you are developing a new feature, please create a new branch with the naming convention `feature-featureName`; this will clearly indicate that it is a feature branch. You should work on your feature branch until you are happy it passes tests and can be reviewed; your branch can then be merged into develop.
This is the development branch. It can be viewed by the client, but they understand that it is under development and they may see some unusual things. The reasons for this branch are as follows:
The staging branch is used for reviewing features that are ready to be merged into master.
This branch is the master branch; it should only contain code that is ready to be released.
If your commit message contains a Jira task ID, GitLab will automatically add a comment to the Jira task. You can also add the following to your commit messages:
Resolves PSBP-1
Closes PSBP-1
Fixes PSBP-1
The core of the application is in the package `@zengenti/contensis-react-base`; this must be installed as a 'production' dependency, i.e. it lives in the `dependencies` section of your `package.json`.
The package handles things such as:
- `.env` file
- `/src/app/features/` folder, create a new folder for each feature
- `reducers` and `sagas` when it starts
- `/src/app/pages/` folder to set your page layouts and load your components
- `~/pages/MyPage` avoid importing components like `/src/app/pages/MyPage` or `../../../pages/MyPage`
FAQs
Turbocharge your React web apps with Contensis. This package handles all dependencies for creating full featured web apps in React with Contensis and Site View. Routing is driven by Site View, Redux is used for global state management and server-side rend
The npm package @zengenti/contensis-react-base receives a total of 526 weekly downloads. As such, @zengenti/contensis-react-base popularity was classified as not popular.
We found that @zengenti/contensis-react-base demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.