broccoli-inspector
🔍 inspect what's really happening in your broccoli pipeline
There be 🐲 here! The APIs and functionality are still being cemented; anything before a 1.0.0 release is subject to change.
yarn add broccoli-inspector --dev
Currently the middleware is made to work with ember's built in server middleware functionality. The end goal for this project is that this will be built into broccoli directly and will be available out of the box when using broccoli in your projects.
If you are using this to profile and debug an Ember application's build, add the following:
// server/index.js
module.exports = function (app, info) {
  require('broccoli-inspector/lib/middleware')(app, info);
};
To get FS timing information, ensure that you set EMBER_CLI_INSTRUMENTATION=1 when running ember serve.
Moving this functionality into broccoli is currently tracked at https://github.com/broccolijs/broccoli/issues/461.
Once you have completed the setup, visit http://localhost:4200/_broccoli-inspector in your browser.
We are leveraging functionality that currently exists in the broccoli nodes themselves. We are using Ember as our UI as we can debug this application with itself!
Ember exposes the broccoli watcher in a middleware through server/index.js. Because we export a middleware of our own that takes in an Express application and the broccoli builder, we are utilizing functionality that already exists!
Broccoli inspector consists of three distinct parts:
Broccoli inspector is meant to give a high-level understanding of what is happening in the build. Once you have tracked down a plugin that is potentially worth exploring further, using the data you find to create benchmarking test cases for that plugin, together with Node.js flamegraphs (https://nodejs.org/en/docs/guides/diagnostics-flamegraph/), will give a better understanding of which code paths are causing issues.
0.1.2 (05/11/2020)
FAQs
The npm package broccoli-inspector receives a total of 1 weekly download. As such, broccoli-inspector's popularity was classified as not popular.
We found that broccoli-inspector demonstrated an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.