Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Run JavaScript snippets from your Markdown files.
chimi
parses Markdown files and runs the JavaScript snippets to check if everything is alright.
To let chimi
find what snippets to run you have to indicate the code snippet language using either js
or javascript
like so:
```js
```javascript
You can configure chimi
through an rc
file, .chimirc
:
{
"dependencies": {
"trae": "trae",
"lodash": "_",
"./config": "config",
"es6-promise: ""
},
"file": "readme.md",
"timeout": 5000
}
NOTE: the .chimirc
file has to be a valid JSON.
dependencies
: object
A list of dependencies to be require
d on each snippet. Each key represents the path name and the value is the variable name, if the value is falsy
(we recommend using an empty string) the require
statement will be not assigned to a variable.
The depenencies in the example will generate these require
s:
let trae = require('trae')
let _ = require('lodash')
let config = require('./config')
require('es6-promise')
These dependencies will be added to your snippet before running it so you don't have to do it on every snippet.
file
: string
Default: README.md
.
The path to the file/s you want to parse. It can also be a glob. Be sure to specify only .md
files.
timeout
: number
Default: 5000
.
The time, in miliseconds, to wait for the snippet execution before considering it a failure.
.chimi.js(on)?|.chimirc
).--help
.jsdom
?FAQs
Validate the JavaScript code of your Markdown files
The npm package chimi receives a total of 10 weekly downloads. As such, chimi popularity was classified as not popular.
We found that chimi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.