amd-builder
This project aims to provide a Node.js service that builds bundles out of AMD projects in a git repository. It was developed to help jQuery Mobile build the bundle builder. The initial checkout and the workspace creation have to be done manually.
Fetch the latest version of the repo from the default remote.
Force checkout the ref into the {project}/{ref}/{repo} workspace if it exists.
Traces 1st level dependencies.
URL arguments are:
baseUrl: The baseUrl for module name to file resolution
names: An optional comma separated list of modules to include in the dependency map. If it's not specified, the service will compute the dependency map for all the .js files in the baseUrl directory.
name is the name of the generated file; it defaults to repo.js
name has extension .js (default): calls require.js to build the js bundle
name has extension .css: resolves css dependencies through the //css: metadata and returns a css bundle
name has extension .zip: does all of the above in both optimized and non-optimized form and returns a zip file with 4 files in it
Builds a bundle for this repository's ref
URL arguments are:
baseUrl: The baseUrl for module name to file resolution
include: A comma separated list of modules to include in the bundle
exclude: A comma separated list of modules to exclude from the bundle
optimize: true or false
mkdir <basedir>/repos
cd <basedir>/repos
git clone --bare https://github.com/yourname/yourproject.git
mkdir <basedir>/staging
Install the dependencies with npm install
Start the service:
node server.js -r <basedir>/repos -s <basedir>/staging
http://instance:3000/post_receive
Copyright (c) 2012, Ghislain Seguin (MIT License)
FAQs
A service that builds bundles from AMD projects resources
We found that amd-builder demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.