Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
JavaScript project management
$ npm i aegir
<script>
tagLoading this module through a script tag will make it's exports available as Aegir
in the global namespace.
<script src="https://unpkg.com/aegir/dist/index.min.js"></script>
The project structure when using this is quite strict, to ease replication and configuration overhead.
All source code should be placed under src
, with the main entry point being src/index.js
or src/index.ts
.
All test files should be placed under test
. Individual test files should end in .spec.js
or .spec.ts
and will be ran in all environments (node, browser, webworker, electron-main and electron-renderer). To run node specific tests a file named test/node.js
or test/node.ts
should be used to require all node test files and the same thing for the other environments with a file named test/browser.js
or test/browser.ts
.
Your package.json
should have the following entries and should pass aegir lint-package-json
.
"main": "src/index.js",
"files": [
"src",
"dist"
],
"scripts": {
"lint": "aegir lint",
"release": "aegir release",
"build": "aegir build",
"test": "aegir test",
"test:node": "aegir test --target node",
"test:browser": "aegir test --target browser"
}
Run aegir --help
Usage: aegir <command> [options]
Commands:
aegir completion generate completion script
aegir build Builds a browser bundle and TS type declara
tions from the `src` folder.
aegir check-project Ensure your project has the correct config.
aegir check Check project
aegir clean [files..] Remove created build artifacts.
aegir dependency-check [input...] Run `dependency-check` cli with aegir defau
lts. [aliases: dep-check, dep]
aegir docs Generate documentation from TS type declara
tions.
aegir document-check [input...] Run `document-check` cli with aegir default
s. [aliases: doc-check]
aegir lint-package-json Lint package.json with aegir defaults.
[aliases: lint-package, lpj]
aegir lint Lint all project files
aegir release Release using semantic-release
aegir release-rc Release an RC version of the current module
or monorepo
aegir test-dependant [repo] Run the tests of an module that depends on
this module to see if the current changes h
ave caused a regression
aegir test Test your code in different environments
aegir exec <command> Run a command in each project of a monorepo
aegir run <scripts..> Run one or more npm scripts in each project
of a monorepo
Global Options:
-h, --help Show help [boolean]
-v, --version Show version number [boolean]
-d, --debug Show debug output. [boolean] [default: false]
Examples:
aegir build Runs the build command to bundle JS
code for the browser.
npx aegir build Can be used with `npx` to use a loca
l version
aegir test -t webworker -- --browser fir If the command supports `--` can be
efox used to forward options to the under
lying tool.
npm test -- -- --browser firefox If `npm test` translates to `aegir t
est -t browser` and you want to forw
ard options you need to use `-- --`
instead.
Use `aegir <command> --help` to learn more about each command.
Aegir can be fully configured using a config file named .aegir.js
or the package.json using the property aegir
.
// file: .aegir.js
/** @type {import('aegir').PartialOptions} */
module.exports = {
tsRepo: true,
release: {
build: false
}
}
// file: package.json
"main": "src/index.js",
"files": [
"src",
"dist"
],
"scripts": {
"lint": "aegir lint",
"release": "aegir release",
"build": "aegir build",
"test": "aegir test",
"test:node": "aegir test --target node",
"test:browser": "aegir test --target browser"
},
"aegir" : {
"tsRepo": false
}
You can find the complete default config here and the types here.
Check this template for Github Actions https://github.com/ipfs/aegir/blob/master/md/github-actions.md
In addition to running the tests aegir
also provides several helpers to be used by the tests.
Check the documentation
Aegir will detect the presence of tsconfig.json
files and build typescript as appropriate.
package.json
CHANGELOG.md
git push
to origin/master
aegir release --help
Licensed under either of
Contributions welcome! Please check out the issues.
Also see our contributing document for more information on how we work, and about contributing in general.
Please be aware that all interactions related to this repo are subject to the IPFS Code of Conduct.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
FAQs
JavaScript project management
The npm package aegir receives a total of 4,565 weekly downloads. As such, aegir popularity was classified as popular.
We found that aegir demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.