
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
脚手架基于node开发
在项目根目录下运行
npm install -g bgm-cli
Usage: bgm <command>
Commands:
add|a Add a new template
list|l List all the templates
server Start a devServer
fetch fetch something
init|i Generate a new project
dll create dll
build build production
clean clean outputdir
delete|d Delete a template
map|m Place files to diffirent position
Options:
-h, --help output usage information
-V, --version output the version number
bgm add
新建模版,向本地添加一个模版的git仓库,主要来自GitHub上,比如domain模版
新建模版时,按照向导
回车确定,然后可以通过bgm list命令进行查看
bgm list
┌───────────────┬─────────────┬────────┐
│ Template Name │ Owner/Name │ Branch │
├───────────────┼─────────────┼────────┤
│ domain │ snmi/domain │ master │
└───────────────┴─────────────┴────────┘
bgm server
说明:当dll没打的时候,server命令会把dll按照development环境生成一遍
bgm init
生成模版时,按照向导
回车确认之后,脚手架会在当前目录下新建./Market文件夹
bgm dll
注意:运行打包dll的命令时,打的是production环境下的包
bgm build <host>
例如:bgm build test打包测试环境 注意:无参数时打包release环境代码
bgm clean
本项目fork自(scion)[https://github.com/jrainlau/scion]
FAQs
tool,cli,bgm
The npm package bgm-cli receives a total of 22 weekly downloads. As such, bgm-cli popularity was classified as not popular.
We found that bgm-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.