Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
JavaScript project management
$ npm i aegir
<script>
tagLoading this module through a script tag will make it's exports available as Aegir
in the global namespace.
<script src="https://unpkg.com/aegir/dist/index.min.js"></script>
The project structure when using this is quite strict, to ease replication and configuration overhead.
All source code should be placed under src
, with the main entry point being src/index.js
or src/index.ts
.
All test files should be placed under test
. Individual test files should end in .spec.js
or .spec.ts
and will be ran in all environments (node, browser, webworker, electron-main and electron-renderer). To run node specific tests a file named test/node.js
or test/node.ts
should be used to require all node test files and the same thing for the other environments with a file named test/browser.js
or test/browser.ts
.
Your package.json
should have the following entries and should pass aegir lint-package-json
.
"main": "src/index.js",
"files": [
"src",
"dist"
],
"scripts": {
"lint": "aegir lint",
"release": "aegir release",
"build": "aegir build",
"test": "aegir test",
"test:node": "aegir test --target node",
"test:browser": "aegir test --target browser"
}
Run aegir --help
Usage: aegir <command> [options]
Commands:
aegir build Builds a browser bundle and TS type declarations from the `src` folder.
aegir check Check project
aegir docs Generate documentation from TS type declarations.
aegir doc-check Verify TS code snippets in documentation.
aegir lint Lint all project files
aegir release Release your code onto the world
aegir test-dependant [repo] Run the tests of an module that depends on this module to see if the current changes have caused a regression
aegir test Test your code in different environments
aegir dependency-check [input...] Run `dependency-check` cli with aegir defaults. [aliases: dep-check, dep]
aegir lint-package-json Lint package.json with aegir defaults. [aliases: lint-package, lpj]
aegir completion generate completion script
Global Options:
-h, --help Show help [boolean]
-v, --version Show version number [boolean]
-d, --debug Show debug output. [boolean] [default: false]
--ts-repo Enable support for Typescript repos. [boolean] [default: false]
Examples:
aegir build Runs the build command to bundle JS code for the browser.
npx aegir build Can be used with `npx` to use a local version
aegir test -t webworker -- --browser firefox If the command supports `--` can be used to forward options to the underlying tool.
npm test -- -- --browser firefox If `npm test` translates to `aegir test -t browser` and you want to forward options you need to use `-- --` instead.
Use `aegir <command> --help` to learn more about each command.
Aegir can be fully configured using a config file named .aegir.js
or the package.json using the property aegir
.
// file: .aegir.js
/** @type {import('aegir').PartialOptions} */
module.exports = {
tsRepo: true,
release: {
build: false
}
}
// file: package.json
"main": "src/index.js",
"files": [
"src",
"dist"
],
"scripts": {
"lint": "aegir lint",
"release": "aegir release",
"build": "aegir build",
"test": "aegir test",
"test:node": "aegir test --target node",
"test:browser": "aegir test --target browser"
},
"aegir" : {
"tsRepo": false
}
You can find the complete default config here and the types here.
Check this template for Github Actions https://github.com/ipfs/aegir/blob/master/md/github-actions.md
In addition to running the tests aegir
also provides several helpers to be used by the tests.
Check the documentation
Aegir will detect the presence of tsconfig.json
files and build typescript as appropriate.
package.json
CHANGELOG.md
git push
to origin/master
aegir release --help
Licensed under either of
Contributions welcome! Please check out the issues.
Also see our contributing document for more information on how we work, and about contributing in general.
Please be aware that all interactions related to this repo are subject to the IPFS Code of Conduct.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
FAQs
JavaScript project management
The npm package aegir receives a total of 4,565 weekly downloads. As such, aegir popularity was classified as popular.
We found that aegir demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.