Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
all-contributors-cli
Advanced tools
Automate acknowledging contributors to your open source projects
You want to implement the All Contributors spec, but don't want to maintain the table by hand
This is a tool to help automate adding contributor acknowledgements according to the all-contributors specification for your GitHub or GitLab repository.
This module is distributed via npm which is bundled with node and
should be installed as one of your project's devDependencies
:
npm install --save-dev all-contributors-cli
Then init the project using init
and answer a few questions:
# Use npx for npm@^5.2.0
npx all-contributors init
# Or directly execute the bin
./node_modules/.bin/all-contributors init
Then you can add these scripts to your package.json
:
{
"scripts": {
"contributors:add": "all-contributors add",
"contributors:generate": "all-contributors generate"
}
}
and use them via npm run
:
npm run contributors:add -- jfmengels doc
npm run contributors:generate
Use generate
to generate the contributors list and inject it into your
contributors file. Contributors will be read from your configuration file.
all-contributors generate
Use add
to add new contributors to your project, or add new ways in which they
have contributed. They will be added to your configuration file, and the
contributors file will be updated just as if you used the generate
command.
# Add new contributor <username>, who made a contribution of type <contribution>
all-contributors add <username> <contribution>
# Example:
all-contributors add jfmengels code,doc
Where username
is the user's GitHub or Gitlab username, and contribution
is a
,
-separated list of ways to contribute, from the following list
(see the specs):
Use check
to compare contributors from GitHub with the ones credited in your
.all-contributorsrc
file, in order to make sure that credit is given where
it's due.
all-contributors check
Due to GitHub API restrictions, this command only works for projects with less than 500 contributors.
You can configure the project by updating the .all-contributorsrc
JSON file.
The data used to generate the contributors list will be stored in there, and you
can configure how you want all-contributors-cli
to generate the list.
These are the keys you can specify:
files
: Array of files to update. Default: ['README.md']
projectOwner
: Name of the user the project is hosted by. Example:
jfmengels/all-contributors-cli
--> jfmengels
. Mandatory.projectName
: Name of the project. Example: jfmengels/all-contributors-cli
--> all-contributors-cli
. Mandatory.repoType
: Type of repository. Must be either github
or gitlab
. Default: github
.repoHost
: Points to the repository hostname. Change it if you use a self hosted repository. Default: https://github.com
if repoType
is github
, and https://gitlab.com
if repoType
is gitlab
.types
: Specify custom symbols or link templates for contribution types. Can
override the documented types.imageSize
: Size (in px) of the user's avatar. Default: 100
.contributorsPerLine
: Maximum number of columns for the contributors table.
Default: 7
.contributorTemplate
: Define your own template to generate the contributor
list.badgeTemplate
: Define your own template to generate the badge.Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind are welcome!
MIT
FAQs
Tool to easily add recognition for new contributors
The npm package all-contributors-cli receives a total of 37,120 weekly downloads. As such, all-contributors-cli popularity was classified as popular.
We found that all-contributors-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago.Β It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVDβs backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.