Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A package manager for BBEdit.
BBEdit is the leading professional HTML and text editor for the Macintosh. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides an abundance of high-performance features for editing, searching, and manipulation of text. An intelligent interface provides easy access to BBEdit’s best-of-class features, including grep pattern matching, search and replace across multiple files, project definition tools, function navigation and syntax coloring for numerous source code languages, code folding, FTP and SFTP open and save, AppleScript, Mac OS X Unix scripting support, text and code completion, and of course a complete set of robust HTML markup tools.
http://www.barebones.com/products/bbedit/
BBEdit is a fantastic text editor for OS X. It's rock-solid, well-designed, and its project-wide search functionality is one of the best implementations I've come across. I much prefer it to alternative editors such as Sublime or Chocolat.
Unfortunately, BBEdit lags behind other editors when it comes to available plugins. BBEdit provides support for creating and sharing "packages," but no centralized mechanism by which these packages can easily be found and installed has existed... until now.
$ sudo npm install -g bbpackage
That's it. You're done.
$ bbpackage search jshint
$ bbpackage install jshint
$ bbpackage uninstall jshint
The bbpackage utility works similarly to Bower, if you're familiar with that. Packages are registered on a first-come, first-served basis, and must be available on GitHub. The following example illustrates how you would go about registering a new package:
$ bbpackage register jshint https://github.com/tkambler/bbedit-jshint
To understand how to go about creating your own packages, it would be best to look at an actual example:
The BBEdit documentation defines a format that packages should follow (see the "Language Modules and Packages" chapter), and that is exactly what bbpackage expects, with one optional addition:
If you are familiar with Node.js and prefer to write your packages within that framework (like I do), within your package's Contents folder, you can create a package.json file. If this file exists, bbpackage will automatically install any defined dependencies when your package is installed.
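Because bbpackage installs whatever a package's Contents/package.json declares, that manifest is worth reading before installing a package from an unfamiliar GitHub repository. The check below is an added example, not part of bbpackage; it assumes the dependencies are installed with npm (so npm lifecycle scripts apply), and auditManifest and the sample manifest are constructed for illustration.

```javascript
// Added example: review a parsed Contents/package.json before letting it be installed.
// Assumption: dependencies are installed with npm, so npm lifecycle scripts apply.

// Root-package scripts that npm runs during an install.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Specs that resolve outside the npm registry: git/URL/file, GitHub shorthand, local paths.
const NON_REGISTRY = /^(git(\+\w+)?:|https?:|file:|github:|[\w.-]+\/[\w.-]+(#.*)?$)/i;
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Returns an array of { kind, name, detail } findings for one manifest object.
function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) findings.push({ kind: 'install-script', name: hook, detail: scripts[hook] });
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (NON_REGISTRY.test(spec)) {
        // Code fetched from a git repo, URL or path bypasses registry versioning.
        findings.push({ kind: 'non-registry-dependency', name, detail: spec });
      } else if (['', '*', 'latest'].includes(spec)) {
        // Any future release of this dependency would be accepted.
        findings.push({ kind: 'unpinned-dependency', name, detail: spec || '(empty)' });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const SAMPLE_MANIFEST = {
  name: 'bbedit-example',
  scripts: { postinstall: 'node setup.js', test: 'mocha' },
  dependencies: {
    jshint: '^2.9.0',
    helper: 'someuser/helper#main',
    tool: 'git+https://example.invalid/tool.git',
    anything: '*'
  }
};

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.kind}: ${f.name} -> ${f.detail}`);
}
```

To check a real package, pass the result of JSON.parse on its Contents/package.json. Install scripts belonging to the dependencies themselves are not visible from this manifest and need a separate review.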
This project is in its infancy. If you'd like to discuss, join the #bbpackage channel on Freenode.
FAQs
A package manager for BBEdit.
The npm package bbpackage receives a total of 15 weekly downloads. As such, bbpackage popularity was classified as not popular.
We found that bbpackage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.