Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
.aMMMb .dMMMb dMMMMMP dMMMMb dMMMMMP dMMMMMP dMMMMMP
dMP"dMP dMP" VP dMP dMP.dMP dMP dMP dMP
dMMMMMP VMMMb dMMMP dMMMMK" dMMMP dMP dMMMP
dMP dMP dP .dMP dMP dMP"AMF dMP dK .dMP dMP
dMP dMP VMMMP" dMMMMMP dMP dMP dMMMMMP VMMMP" dMMMMMP
"Aserejé ja de jé de jebe, tu de jebere sebiunouba, majabi an de bugui an de buididipí"
Asereje is a library that builds your assets on demand.
npm install asereje
First you have to configure asereje:
var asereje = require('asereje');
asereje.config({
active: process.env.NODE_ENV === 'production'; // enable it just for production
, js_globals: ['lib/jquery', 'global', 'underscore']; // js files that will be present always
, css_globals: ['reset', 'global']; // css files that will be present always
, js_path: _dirname + '/public/javascripts' // javascript folder path
, css_path: _dirname + '/public/css' // css folder path
});
Then you can use css
or js
function to get the file names.
res.render('users/index', {
css: asereje.css(['users', users/index]) // => ['reset', 'global', 'users', 'users/index']
});
... it builds the files and the next requests fill be:
res.render('users/index', {
css: asereje.css(['users', users/index]) // => ['dist/f330099956c144c090b06f6d4bae8770', 'dist/caa6925553b03e049eeda6f70da9dc1a']
});
html
head
-if(css)
-each file in css
link(rel= 'stylesheet', href= '/css/' + file + '.css' )
...
Asereje does 3 things:
Ugilify-js
for javascripts and sqwish
for css.Built files are stored under js_path|css_path/dist
. Add expires headers to all this files so the users will have them cached forever.
// nginx conf
location ~* ^/(css|javascripts)/dist/.+\.(css|js)$ {
expires max;
}
FAQs
Asereje is a library that builds your assets on demand
The npm package asereje receives a total of 5 weekly downloads. As such, asereje popularity was classified as not popular.
We found that asereje demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.