Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Package components for Appcelerator Titanium, Alloy and Arrow projects for distribution via NPM.
Package components for Appcelerator Titanium, Alloy and Arrow projects for distribution via NPM.
NOTE: Running
appc-npm <type>
for your component only updates/adds apackage.json
andappc-npm
postinstall executable. It adds no dependencies and does not change your code.
$ [sudo] npm install -g appc-npm
Simply navigate to your Titanium module or library, Alloy widget, sync adapter, Arrow connector or other component and run the CLI with the command for that component:
$ cd mywidget
$ appc-npm widget
+ alloy-widget-myWidget@1.0.0
$ npm publish
+ alloy-widget-myWidget@1.0.0
$ npm install alloy-widget-myWidget --save
> alloy-widget-myWidget@1.0.0 postinstall /Users/fokkezb/myProject/node_modules/alloy-widget-myWidget
> node ./appc-npm
alloy-widget-myWidget@1.0.0 node_modules/alloy-widget-myWidget
After which you'll find the widget in:
./app/widgets/myWidget
You can add dependencies to other Appcelerator dependencies on NPM to the package.json
of your packaged component. So if your Alloy widget depends on a library, module or other widget then you can install them all in one go.
$ npm install alloy-widget-myWidget --save
> alloy-widget-myWidget@1.0.0 postinstall /Users/fokkezb/myProject/node_modules/alloy-widget-myWidget
> node ./appc-npm
> appc-lib-xp.ui@1.0.0 postinstall /Users/fokkezb/myProject/node_modules/alloy-widget-myWidget/node_modules/appc-lib-xp.ui
> node ./appc-npm
alloy-widget-myWidget@1.0.0 node_modules/alloy-widget-myWidget
├── appc-lib-xp.ui@1.0.0
After which you'll find the widget and the lib it depends on in:
./app/widgets/myWidget
./app/lib/xp.ui.js
Run the command again to update the packaged installer, update the version (for components like Alloy widgets) and add missing files to copy.
$ appc-npm widget
+ alloy-widget-myWidget@1.0.1
You can use the following commands or types of components:
widget
Alloy Widgets. Uses widget.json
to populate the package.json
, ignores that same file for the installer and uses alloy-widget-<id>
as the package name.
sync
Alloy sync adapters. Searches for the first .js
and uses alloy-sync-<filename>
as the package name and 1.0.0
for the version. All other files are ignored for the installer.
theme
Alloy themes. Uses alloy-sync-<dirname>
as the package name and 1.0.0
for the version. It ignores the generated package.json
for the installer.
lib
Titanium, Alloy or Arrow CommonJS libraries. Searches for the first .js
and uses alloy-sync-<filename>
as the package name and 1.0.0
for the version. All other files are ignored for the installer.
block
Arrow post or pre-blocks. Searches for the first .js
to determine the base path and adds that file to the list of paths to copy to the project. The default package name is arrow-block-<filename>
and version is 1.0.0
.
connector
Arrow connectors. Searches for package.json
to determine the target for the installer and will update the file with the postinstall
script and appc-npm
property, leaving the name and version as it is.
module
Titanium modules. Searches for the most recent ZIP file and adds that file to the files
field of the package.json
so that only that file and our installer will be published to NPM. It also reads the manifest
to use in the default package, which is ti-module-<id>
, and for the version.
$ npm install
$ npm test
To add new types of components, provide a PR with a type, fixture and test.
Please report issues and features requests in the repo's issue tracker.
Distributed under MIT License.
FAQs
Package components for Appcelerator Titanium, Alloy and Arrow projects for distribution via NPM.
The npm package appc-npm receives a total of 0 weekly downloads. As such, appc-npm popularity was classified as not popular.
We found that appc-npm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.