Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Run JavaScript snippets from your Markdown files.
chimi
parses Markdown files and runs the JavaScript snippets to check if everything is alright.
To let chimi
find the snippets you have to indicate the snippet language using either js
or javascript
like so:
```js
```javascript
You can configure chimi
using a configuration file, it might be a JSON or JavaScript file and also an object as the chimi
property in the package.json
:
{
"dependencies": {
"trae": "trae",
"lodash": "_",
"./config": "config",
"es6-promise: ""
},
"file": "readme.md",
"timeout": 5000
}
NOTE: the .chimirc
file has to be a valid JSON.
NOTE: if it is a JavaScript file, an object has to be exported.
dependencies
: object
A list of dependencies to be require
d on each snippet. Each key represents the path name and the value is the variable name, if the value is an empty string the require
statement will be not assigned to a variable.
The depenencies in the example will generate these require
s:
let trae = require('trae')
let _ = require('lodash')
let config = require('./config')
require('es6-promise')
These dependencies will be added to your snippet before running it so you don't have to do it on every snippet.
file
: string
Default: README.md
.
The path to the file/s you want to parse. It can also be a glob. Be sure to specify only .md
files.
timeout
: number
Default: 5000
.
The time, in miliseconds, to wait for the snippet execution before considering it a failure.
.chimi.js(on)?|.chimirc
).--help
.jsdom
?FAQs
Validate the JavaScript code of your Markdown files
The npm package chimi receives a total of 10 weekly downloads. As such, chimi popularity was classified as not popular.
We found that chimi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.