bumpversions
Bump the patch version number in the provided `version_file`.
Bumps version numbers found after lines containing `[bump]`.
Please use the `js` branch, which is faster and better.
```yaml
- name: Bump version
  uses: remorses/bump-version@js
  with:
    version_file: ./VERSION
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
You can give a prefix to the tag; the action will replace the version after the line containing the pattern `[bump if {prefix}]`.
This is useful if you have many versions to bump.
```yaml
- name: Bump versions
  uses: remorses/bump-version@js
  with:
    version_file: ./dir2/VERSION
    prefix: dir2
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# will create the tag {prefix}_{version}
```
You can give prefixes to tags
```yaml
- name: Bump version
  uses: remorses/bump-version@js
  with:
    version_file: ./dir2/VERSION
    prefix: dir2
  env:
    BRANCH: custom_branchname
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
If used as an npm bin, it won't push; do that manually from your local checkout:
```sh
npm i -g bumpversions
INPUT_VERSION_FILE=versionpath bumpversions
git push
git push --tags
```
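A sketch of the `[bump]` / `[bump if {prefix}]` marker behaviour described above, added here as an example and not the action's own code. It assumes MAJOR.MINOR.PATCH versions and that a marker applies to the first version on the line directly after it; `bumpPatch`, `markerMatches` and `bumpMarked` are hypothetical names.

```javascript
// Added illustration, not the action's source. Assumptions: versions are
// MAJOR.MINOR.PATCH, and a marker applies to the first version on the next line.
const VERSION_RE = /\d+\.\d+\.\d+/;

// Increment the patch component of the first x.y.z found in `text`.
function bumpPatch(text) {
  return text.replace(VERSION_RE, (v) => {
    const [major, minor, patch] = v.split('.').map(Number);
    return `${major}.${minor}.${patch + 1}`;
  });
}

// Does this line carry a marker that applies to the current run?
// Assumed: without a prefix only "[bump]" matches; with one, only "[bump if <prefix>]".
function markerMatches(line, prefix) {
  const wanted = prefix ? `[bump if ${prefix}]` : '[bump]';
  return line.includes(wanted);
}

// Bump the version on every line that directly follows a matching marker line.
function bumpMarked(source, prefix) {
  const lines = source.split('\n');
  for (let i = 0; i + 1 < lines.length; i++) {
    if (markerMatches(lines[i], prefix)) {
      lines[i + 1] = bumpPatch(lines[i + 1]);
    }
  }
  return lines.join('\n');
}

// Constructed sample input: two marked versions and one unmarked.
const sample = [
  '# [bump]',
  'version = "1.4.9"',
  '# [bump if dir2]',
  'image: registry.example/app:0.2.3',
  'pinned = "3.0.0"',
].join('\n');

console.log(bumpMarked(sample));
console.log(bumpMarked(sample, 'dir2'));
```

Running it on your own files before wiring the action into a workflow shows which lines a given marker and prefix would rewrite.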
FAQs
JavaScript template action
The npm package bumpversions receives a total of 0 weekly downloads. As such, its popularity was classified as not popular.
We found that bumpversions has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.