Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
asset-assistant
Advanced tools
**Asset assistant** is a tool for coordinating non-js files across multiple projects. The intended use for copying .css and media files from a project in the *'node_modules'* directory into the projects public html directory.
Asset assistant is a tool for coordinating non-js files across multiple projects. The intended use for copying .css and media files from a project in the 'node_modules' directory into the projects public html directory.
The 0.0.* versions are for building up the repository and may have changes in the command specification.
These programs are intended to be used with the npm package manager. As such they make use of the package.json file and the node_modules directory. All file selections use the Glob package.
Copy all asset files from source directories and source packages to a specified build directory.
Add <script>
and <link>
tags to an html file based upon directory
contents.
npm i asset-assistant
.src
parameter dictates the files to copy to destination. This refers
to local files and remote. Default is 'src/assets/**/*'.local-src
parameter dictates the sources to copy only if this project
is the target.dest
parameter dictates the target directory, defaults to build/
.
This is where other projects assets will be copied to. defaults to 'public_html'.flat
parameter when true copies files without the directory structure,
defaults to false.up
parameter defines how many src directories to omit on copy.
Defaults to 1
which is the project name directory. This Typically is not
modified.The asset command accepts the following flags
In the package.json file (unrequired fields omitted).
"dependencies": {
"Collection": "file:../Collection",
"Context": "file:../Context",
"asset-assistant": "file:D:/project-local/assets",
"jquery": "^3.3.1",
"nidget": "file:../Nidget"
},
"scripts": {
"build-assets": "assets",
"build-remote": "assets --fileset=local-src",
"inject-header": "inject src/* src/css/* index.html"
},
"assets": {
"src": [
"src/assets/**/*",
"src/css/dialog.css"
],
"local-src": [
"src/*.html"
]
}
The script 'build-assets' will recursively copy all files in the src/assets directory into the build/src/assets directory. It will also copy 'dialog.css' into the build/css directory. It will then look for the "assets" parameter in the package.json of all dependencies (Collection, Context, etc), if found it will copy files specified by their 'src' parameters and recursively look in their dependencies for more assets. If not found then the recursive search will not follow that branch.
The script 'build-remote' will copy all html files from src/html to build/html, and will not recursive search.
The script 'inject-header' will add a <script>
or <link>
element into
'index.html' for each .js and .css file found. The paths will be relative to
the location of 'index.html'.
Development is setup as a NetBeans project. These are reminders to how the project is setup and is not needed to run it.
git clone git@git.sharcnet.ca:edward/asset-assistant.git
.npm install
in the project root directory.npm publish
.The package.json bin
parameter specifies where to find command line tools.
FAQs
A lightweight tool for copying files from other packages.
The npm package asset-assistant receives a total of 0 weekly downloads. As such, asset-assistant popularity was classified as not popular.
We found that asset-assistant demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.