Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Alfredo's primary features include:
npm install alfredo
These are intended to make some basic rote tasks easier and faster to code. alfredo defines the following functions:
alfredo.bundleSync()
Info.plist
file.alfredo.readPlistSync(path)
, alfredo.writePlistSync(path, obj)
, alfredo.readJSONSync(path)
, alfredo.writeJSONSync(path, obj)
path
.Alfredo uses a robust and complete implementation of Alfred's feedback system, generating and outputting the required XML for the attributes you specify. This breaks down into a class called Item
and a function called feedback
.
alfredo.Item(args)
The Item
class is initialized with an object of keys and values, and returns one Item
which can then be passed to the feedback
function. The following keys are currently understood by Alfredo and Alfred:
title
: The title string to show in the feedback list.subtitle
: The subtitle string to show below the title.uid
: A unique identifier string for Alfred's sorting functions.valid
: Either true
, false
, or a string. Tells Alfred whether the item is actionable.autocomplete
: A string to autocomplete Alfred's query to when an invalid item is chosen.icon
: A path to an icon image, a path to a file, or a file type (default: icon.png
).fileIcon
: If you wish to use a particular file's icon, set icon
to its path and fileIcon
to true
.fileType
: If you wish to specify a type of file whose icon Alfred should use, set icon
to the type and fileType
to True
.arg
: The argument to be passed as {query}
if the item is valid and actioned. If it contains newlines, it will be passed as a separate XML key rather than an attribute of <item></item>
.type
: Currently, can only be set to file
, which tells Alfred to treat the result as a file.A nifty trick is to pass an object with some or all of Alfredo.Item
's keys and values into the initializer. So you could conceivably do this:
var i = alfredo.Item({
title: "A Title",
subtitle: "This is only a test.",
uid: "alfredo-test",
valid: false
})
Item.get()
Returns the current values for the item in the following format. Primarily used with the feedback()
function below.
If autocomplete
or type
is set, that value will be added to the "attrib"
dictionary, as will an arg
that does not contain newlines.
Item.feedback()
, alfredo.feedback(items)
Takes either an individual item or a list of items for items
and prints a UTF-8-encoded XML string for Alfred to interpret.
Alfredo's fuzzy search is powered by the fuzzy-filter node module by DJG.
alfredo.fuzzy(pattern, items, [options])
pattern - The fuzzy String to match against.
items - An Array of String.
options - (optional)
* pre - String to insert before matching text.
* post - String to insert after matching text.
* limit - Integer maximum number of results.
* separator - String separator. Match against the last
section of the String by default.
* ignorecase - Boolean (default: true).
* ignorespace - Boolean (default: true).
* separate - Boolean (default: false). If set to true, the
function returns an array of an array of strings,
where each array is
[beforeLastSeparator, afterLastSeparator].
If set, `separator` must also be passed.
Note: If pre
is passed, you also have to pass post
(and vice-versa).
alfredo.fuzzy("cs", ["cheese", "pickles", "crackers", "pirate attack", "cs!!"])
// => ["cs!!", "cheese", "crackers"]
If your workflow needs to store a user's sensitive data, particularly a username--password pair, the safest way to do so is with the Mac OS X Keychain. The Keychain is normally an utter pain in the behind, but Alfredo makes working with it a breeze using the node-keychain module.
alfredo.keychain.getPasswordSync(opts)
opts.account
and opts.service
, returning the password.alfreo.keychain.setPasswordSync(opts)
Saves or changes the saved password for opts.account
and opts.service
to opts.Password
.alfredo.keychain.deletePasswordSync(opts)
Removes opts.account
and opts.service
's password from the Keychain.The Alfred v2 forums are a good place to look for answers, but you can also file an issue or reach me on Twitter at @npenree.
The following are the major contributors of Alfredo (in no specific order).
This module is heavily inspired by alfredo, from Daniel Shannon.
(The MIT License)
Copyright (c) 2014 Nicholas Penree <nick@penree.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
A Node Module for Alfred Workflows
The npm package alfredo receives a total of 0 weekly downloads. As such, alfredo popularity was classified as not popular.
We found that alfredo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.