changelog-view
A tool to view changelogs in the console.
It lists only the changes between the specified version and the latest version.
You can think of it as a git diff between versions, but for changelogs.
With npx (requires npm >= 5.2):
npx changelog-view <package@currentVersion> [<package@currentVersion> ...]
Example
npx changelog-view howardabrams/node-mocks-http@1.5.4 mapado/rest-client-js-sdk@2.0.0
If you don't have npm >= 5.2, or if you prefer installing the package, you can install it with npm/yarn:
yarn add --dev changelog-view # yarn
# or
npm install changelog-view # npm (add -g to install globally)
And then the binary will be located in node_modules/.bin/changelog-view
changelog-view tries to automatically detect the current version of your installed dependencies.
It works fine with npm / yarn for JavaScript projects, and with composer for PHP projects.
Imagine you have this package.json:
{
  "dependencies": {
    "rest-client-sdk": "^1.0.0"
  }
}
The following command:
npx changelog-view rest-client-sdk
Will output:
... other version
## [1.0.1] - 2017-07-03 - [YANKED]
### Changed
* Make urijs implementation work again but might be breaking
* Url constructor passed with noTransform = true for better perf and avoid potential bugs
The same goes for PHP if you run:
npx changelog-view behat/transliterator
Will output:
# CHANGELOG for "Behat/Transliterator"
# 1.2.0 / 2017-04-04
* Stop Transliterator::postProcessText() breaking words containing apostrophes
The package checks on GitHub whether a file named CHANGELOG.md or HISTORY.md is present.
If not, it tries to list the GitHub releases.
It tries to parse the markdown files and keep only the versions greater than the specified version.
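The filtering step described above, sketched as an added example (not changelog-view's own code): it splits a changelog on version headings in the two styles shown in the sample output and keeps the sections newer than the installed version. The function names and the sample changelog are constructed for illustration, and versions are assumed to be plain dotted numbers.

```javascript
// Added example: not changelog-view's source code.
// Compare dotted numeric versions ("1.10.0" > "1.9.3"); pre-release tags are not handled.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return Math.sign(diff);
  }
  return 0;
}

// Matches both heading styles shown in the README output:
//   "## [1.0.1] - 2017-07-03 - [YANKED]"  and  "# 1.2.0 / 2017-04-04"
const VERSION_HEADING = /^#{1,3}\s*\[?v?(\d+(?:\.\d+){1,2})\]?/;

// Return the changelog sections whose version is strictly greater than `current`.
function newerEntries(markdown, current) {
  const sections = [];
  let open = null;
  for (const line of markdown.split(/\r?\n/)) {
    const m = VERSION_HEADING.exec(line);
    if (m) {
      // A new version heading starts a new section; flag yanked releases.
      open = { version: m[1], yanked: /\[YANKED\]/i.test(line), lines: [line] };
      sections.push(open);
    } else if (open) {
      open.lines.push(line); // sub-headings and bullets belong to the open section
    }
  }
  return sections
    .filter((s) => compareVersions(s.version, current) > 0)
    .map((s) => ({ version: s.version, yanked: s.yanked, body: s.lines.join('\n').trim() }));
}

// Constructed sample input, modelled on the output shown above.
const SAMPLE = [
  '# Changelog',
  '## [1.10.0] - 2017-09-01',
  '* Constructed entry for the example',
  '## [1.0.1] - 2017-07-03 - [YANKED]',
  '### Changed',
  '* Make urijs implementation work again but might be breaking',
  '## [1.0.0] - 2017-06-01',
  '* Initial release',
].join('\n');

console.log(newerEntries(SAMPLE, '1.0.0').map((e) => e.version));
```

Comparing the version parts as numbers matters here: a plain string comparison would sort 1.10.0 below 1.9.3 and hide the newest entries.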
pip freeze command but seems to be "the old way"
[1.8.2] - 2019-03-05
Use ink and ink-tab 2
FAQs
Tool to view changelog of package in console
The npm package changelog-view receives a total of 1 weekly downloads. As such, changelog-view popularity was classified as not popular.
We found that changelog-view demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.