cdklabs-projen-project-types
This repository stores custom project types extended from projen with cdklabs defaults baked in. This is meant to serve as a hook for continuous management of all repos we own. With cdklabs projen types, we can add new configuration as it comes up and have it propagate to all repositories using the type.
This type extends projen's awscdk.AwsConstructLibrary project type and should be used in place of that type.
From the command line:
npx projen new --from cdklabs-projen-project-types cdklabs-construct-lib
From inside cdk-ops:
this.cdklabs.addPreApprovedRepo({
  repo: 'cdk-new-lib',
  owner: 'conroyka@amazon.com',
  createWith: {
    projectType: ProjectType.CDKLABS_MANAGED_CONSTRUCT_LIB,
  },
});
cdklabsPublishingDefaults
By default, this is turned on. cdklabsPublishingDefaults provides publishing defaults based off of the project's name. Specifically, the defaults look like this:
return {
  publishToPypi: {
    distName: npmPackageName,
    module: changeDelimiter(npmPackageName, '_'),
  },
  publishToMaven: {
    javaPackage: `io.github.cdklabs.${changeDelimiter(npmPackageName, '.')}`,
    mavenGroupId: 'io.github.cdklabs',
    mavenArtifactId: npmPackageName,
    mavenEndpoint: 'https://s01.oss.sonatype.org',
  },
  publishToNuget: {
    dotNetNamespace: `Cdklabs${upperCaseName(npmPackageName)}`,
    packageId: `Cdklabs${upperCaseName(npmPackageName)}`,
  },
  publishToGo: {
    moduleName: `${npmPackageName}-go`,
  },
};
Additionally, we also require that we publish to all jsii language targets (including go) when we specify a library as stable.
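The defaults above, worked through for one package name, as an added example that is not the project's own code. The bodies of changeDelimiter and upperCaseName and the name guard are assumptions about behaviour the page does not show, and cdk-sample-lib is a constructed name.

```javascript
// Assumed helper: swap the '-' separators of an npm name for another delimiter.
function changeDelimiter(name, delimiter) {
  return name.split('-').join(delimiter);
}

// Assumed helper: PascalCase the '-'-separated words ('a-b' -> 'AB').
function upperCaseName(name) {
  return name
    .split('-')
    .map((word) => word.charAt(0).toUpperCase() + word.slice(1))
    .join('');
}

// Hypothetical guard (not in the page's snippet): a scoped name such as
// '@scope/pkg' would carry '@' and '/' into every derived identifier, so
// only unscoped, lower-case, hyphen-separated names are accepted here.
const DERIVABLE_NAME = /^[a-z][a-z0-9]*(-[a-z][a-z0-9]*)*$/;

// Same templates as the snippet above, applied to one npm package name.
function publishingDefaults(npmPackageName) {
  if (!DERIVABLE_NAME.test(npmPackageName)) {
    throw new Error(`cannot derive publishing names from "${npmPackageName}"`);
  }
  return {
    publishToPypi: {
      distName: npmPackageName,
      module: changeDelimiter(npmPackageName, '_'),
    },
    publishToMaven: {
      javaPackage: `io.github.cdklabs.${changeDelimiter(npmPackageName, '.')}`,
      mavenGroupId: 'io.github.cdklabs',
      mavenArtifactId: npmPackageName,
      mavenEndpoint: 'https://s01.oss.sonatype.org',
    },
    publishToNuget: {
      dotNetNamespace: `Cdklabs${upperCaseName(npmPackageName)}`,
      packageId: `Cdklabs${upperCaseName(npmPackageName)}`,
    },
    publishToGo: { moduleName: `${npmPackageName}-go` },
  };
}

// Constructed sample: the identifiers one npm name turns into per registry.
console.log(JSON.stringify(publishingDefaults('cdk-sample-lib'), null, 2));
```
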
private
By default, a project is created as private. Turning this off simply means setting private: false.
A project being private means it gets certain properties set as default that are true for private projects. Today, that means setting private: true in package.json, removing .mergify.yml from the project, and removing .npmignore.
This type extends projen's typescript.TypeScriptProject project type and should be used in place of that type.
npx projen new --from cdklabs-projen-project-types cdklabs-ts-proj
From inside cdk-ops:
this.cdklabs.addPreApprovedRepo({
  repo: 'cdk-new-lib',
  owner: 'conroyka@amazon.com',
  createWith: {
    projectType: ProjectType.CDKLABS_MANAGED_TS_PROJECT,
  },
});
private
By default, a project is created as private. Turning this off simply means setting private: false.
A project being private means it gets certain properties set as default that are true for private projects. Today, that means setting private: true in package.json, removing .mergify.yml from the project, and removing .npmignore.
FAQs
We found that cdklabs-projen-project-types demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.