Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Automated JavaScript project management.
Soon™
v11
There was a large refactor from v11
to v12
, so there is some migration needed. All features you need should still be there, but you might need to change some things.
The aegir
section in package.json
was not really useful anymore so it is not supported anymore. Any custom configuration you need can be done in .aegir.js
.
As we are no longer using gulp
the previous setup using a custom gulpfile
will not work anymore. To setup hooks around your tests you can use a new configuration option hooks
in .aegir.js
.
// .aegir.js
module.exports = {
hooks: {
pre (callback) {
console.log('I am called before node and browser tests')
callback()
},
post (callback) {
console.log('I am called after node and browser tests')
callback()
}
}
}
You can also specify hooks.browser
and hooks.node
if you have a different setup for browser and/or node based tests.
aegir
is now a single binary with subcommands. You should rename aegir-test
to aegir test
in your scripts.
Performing a release involves creating new commits and tags and then pushing them back to the repository you are releasing from. In order to do this you should create a GitHub personal access token and store it in the environmental variable AEGIR_GHTOKEN
.
The only access scope it needs is public_repo
.
Be aware that by storing it in ~/.profile
or similar you will make it available to any program that runs on your computer.
The project structure when using this is quite strict, to ease replication and configuration overhead.
All source code should be placed under src
, with the main entry
point being src/index.js
.
All test files should be placed under test
. Individual test files should end in .spec.js
and setup files for the node and the browser should be test/node.js
and test/browser.js
respectively.
Your package.json
should have the following entries.
"main": "src/index.js",
"scripts": {
"lint": "aegir lint",
"release": "aegir release",
"build": "aegir build",
"test": "aegir test",
"test:node": "aegir test --target node",
"test:browser": "aegir test --target browser",
"coverage": "aegir coverage",
"coverage-publish": "aegir coverage --upload"
}
To bring you its many benefits, aegir
requires
Linting uses eslint and standard with some custom rules to enforce some more strictness.
You can run it using
$ aegir lint
You can run it using
$ aegir test
There are also browser and node specific tasks
$ aegir test --target node
$ aegir test --target browser
$ aegir test --target webworker
Loading fixture files in node and the browser can be painful, that's why aegir provides
a method to do this. For it to work you have to put your fixtures in the folder test/fixtures
, and then
// test/awesome.spec.js
const loadFixture = require('aegir/fixtures')
const myFixture = loadFixture('test/fixtures/largefixture')
The path to the fixture is relative to the module root.
If you write a module like interface-ipfs-core which is to be consumed by other modules tests you need to pass in a third parameter such that the server is able to serve the correct files.
For example
// awesome-tests module
const loadFixture = require('aegir/fixtures')
const myFixture = loadFixture('test/fixtures/coolfixture', 'awesome-tests')
// tests for module using the awesome-tests
require('awesome-tests')
// .aegir.js file in the module using the awesome-tests module
'use strict'
module.exports = {
karma: {
files: [{
pattern: 'node_modules/awesome-tests/test/fixtures/**/*',
watched: false,
served: true,
included: false
}]
}
}
You can run it using
$ aegir coverage
To auto publish coverage reports from Travis to Coveralls add this to
your .travis.yml
file. For more details see node-coveralls.
script:
- npm run coverage -- -upload
This will build a browser ready version into dist
, so after publishing the results will be available under
https://unpkg.com/<module-name>/dist/index.js
https://unpkg.com/<module-name>/dist/index.min.js
You can run it using
$ aegir build
Specifying a custom entry file for Webpack
By default, aegir
uses src/index.js
as the entry file for Webpack. You can customize which file to use as the entry point by specifying entry
field in your user configuration file. To do this, create .aegir.js
file in your project's root diretory and add point the entry
field to the file Webpack should use as the entry:
module.exports = {
entry: "src/browser-index.js",
}
Webpack will use the specified file as the entry point and output it to dist/<filename>
, eg. dist/browser-index.js
.
If .aegir.js
file is not present in the project, webpack will use src/index.js
as the default entry file.
Pass the --stats
option to have Webpack generate a stats.json
file for the bundle and save it in the project root (see https://webpack.js.org/api/stats/). e.g.
aegir build --stats
package.json
CHANGELOG.md
git push
to origin/master
# Major release
$ aegir release --type major
# Minor relase
$ aegir release --type minor
# Patch release
$ aegir release
This requires
AEGIR_GHTOKEN
to be set.
You can also specify the same targets as for test
.
If no CHANGELOG.md
is present, one is generated the first time a release is done.
You can skip all changelog generation and the github release by passing
in --no-changelog
.
If you want no documentation generation you can pass --no-docs
to the release task to disable documentation builds.
You can use aegir-docs
to generate documentation. This uses documentation.js with the theme clean-documentation-theme.
To publish the documentation automatically to the gh-pages
branch you can run
$ aegir docs --publish
MIT
FAQs
JavaScript project management
The npm package aegir receives a total of 4,565 weekly downloads. As such, aegir popularity was classified as popular.
We found that aegir demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.