Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Automated JavaScript project management.
The project structure when using this is quite strict, to ease replication and configuration overhead.
All source code should be placed under src
, with the main entry
point being src/index.js
.
All test files should be placed under test
. Individual test files should end in .spec.js
and setup files for the node and the browser should be test/node.js
and test/browser.js
respectively.
Your package.json
should have the following entries.
"main": "src/index.js",
"scripts": {
"lint": "aegir-lint",
"release": "aegir-release",
"build": "aegir-build",
"test": "aegir-test",
"test:node": "aegir-test node",
"test:browser": "aegir-test browser",
"coverage": "aegir-coverage",
"coverage-publish": "aegir-coverage publish"
}
To bring you its many benefits, aegir
requires
Linting uses eslint and standard with some custom rules to enforce some more strictness.
You can run it using
$ aegir-lint
# or as gulp task
$ gulp lint
You can run it using
$ aegir-test
# or as gulp task
$ gulp test
There are also browser and node specific tasks
$ aegir-test node
$ gulp test:node
$ aegir-test browser
$ gulp test:browser
You can run it using
$ aegir-coverage
# or as gulp task
$ gulp coverage
To auto publish coverage reports from Travis to Coveralls add this to
your .travis.yml
file. For more details see node-coveralls.
script:
- npm run coverage
after_success:
- npm run coverage-publish
This will build a browser ready version into dist
, so after publishing the results will be available under
https://unpkg.com/<module-name>/dist/index.js
https://unpkg.com/<module-name>/dist/index.min.js
You can run it using
$ aegir-build
# or as gulp task
$ gulp build
package.json
CHANGELOG.md
git push
to upstream/master
GH_TOKEN
is available)# Major release
$ gulp release --type major
$ aegir-release --type major
# Minor relase
$ gulp release --type minor
$ aegir-release --type minor
# Patch release
$ gulp release
$ aegir-release
You can also specify a --env
for a release, which can be either
'node'
, 'browser'
or 'no-build'
.
$ aegir-release --env node
$ gulp release --env node
You can generate a changelog for all versions by using --first
$ aegir-relase --first
You can skip all changelog generation and the github release by passing
in --no-changelog
.
There is a badge.
[![aegir](https://img.shields.io/badge/follows-aegir-blue.svg?style=flat-square)](https://github.com/dignifiedquire/aegir)
MIT
FAQs
JavaScript project management
The npm package aegir receives a total of 4,565 weekly downloads. As such, aegir popularity was classified as popular.
We found that aegir demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.