clean-release
A CLI tool to copy files to be released into a tmp clean directory for npm publishing, electronjs packaging, docker image creation, or deployment
`yarn global add clean-release`

run `clean-release` or `clean-release --config clean-release.config.js`

| key | type | description |
|---|---|---|
| include | string[] | the files included, supports glob |
| exclude | string[]? | the files excluded, supports glob |
| base | string? | the base path, e.g. `dist`; then `dist/foo/bar.js` will be copied into `foo` as `foo/bar.js` |
| postScript | postScript | used to publish to npm, e.g. `npm publish "[dir]" --access public` |
| releaseRepository | string? | used to publish to a git release repository, e.g. `https://github.com/plantain-00/baogame-release.git` |
| releaseBranchName | string? | the branch name of the release repository |
| notClean | boolean? | if true, do not clean the tmp directory |
| askVersion | boolean? | if true, will prompt for the version |
| changesGitStaged | boolean? | if true, will make sure all changes are git staged |
| execOptions | childProcess.ExecOptions? | passed to `childProcess.exec` |

```ts
postScript?: Script | Script[];
type Script = string | ((context: Context) => string) | ((context: Context) => Promise<string>)
type Context = {
  dir: string
  version: string
}
```

```js
// Electron packaging: app name and Electron version are read from package.json
const { name, devDependencies: { electron: electronVersion } } = require('./package.json')

module.exports = {
  include: [
    'bin/*',
    'dist/**/*',
    'LICENSE',
    'package.json',
    'README.md'
  ],
  exclude: [
  ],
  askVersion: true,
  changesGitStaged: true,
  // [dir] and [version] are placeholders filled in by clean-release
  postScript: [
    'git add package.json',
    'git commit -m "[version]"',
    'git tag v[version]',
    'git push',
    'git push origin v[version]',
    'cd "[dir]" && npm i --production',
    'prune-node-modules "[dir]/node_modules"',
    `electron-packager "[dir]" "${name}" --out=dist --arch=x64 --electron-version=${electronVersion} --platform=darwin --ignore="dist/"`,
    `electron-packager "[dir]" "${name}" --out=dist --arch=x64 --electron-version=${electronVersion} --platform=win32 --ignore="dist/"`,
    `7z a -r -tzip dist/${name}-darwin-x64-[version].zip dist/${name}-darwin-x64/`,
    `7z a -r -tzip dist/${name}-win32-x64-[version].zip dist/${name}-win32-x64/`,
    `electron-installer-windows --src dist/${name}-win32-x64/ --dest dist/`,
    `cd dist && create-dmg ${name}-darwin-x64/${name}.app`
  ]
}
```

```js
// Electron packaging with a fixed app name and versions
module.exports = {
  include: [
    'libs.js',
    'main.js',
    'config.js',
    'index.css',
    'scripts/index.js',
    'index.html',
    'LICENSE',
    'package.json',
    'README.md'
  ],
  exclude: [
  ],
  postScript: [
    'cd "[dir]" && npm i --production',
    'electron-packager "[dir]" "news" --out=dist --arch=x64 --version=1.2.1 --app-version="1.0.8" --platform=darwin --ignore="dist/"',
    'electron-packager "[dir]" "news" --out=dist --arch=x64 --version=1.2.1 --app-version="1.0.8" --platform=win32 --ignore="dist/"'
  ]
}
```

```js
// Docker image build and push from the clean directory
module.exports = {
  include: [
    'dist/*.js',
    'static/protocol.proto',
    'static/scripts/*.bundle-*.js',
    'static/index.html',
    'LICENSE',
    'package.json',
    'README.md',
    'Dockerfile'
  ],
  exclude: [
  ],
  postScript: [
    'cd "[dir]" && docker build -t plantain/baogame . && docker push plantain/baogame'
  ]
}
```

```bash
# v2
cd "[dir]"
# v1
cd [dir]
```
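
The `Script` type also accepts a function of `Context`, so a config can validate the prompted version and quote the directory itself before the command string reaches `childProcess.exec`. The following is an added example, not code from the clean-release project; `shQuote`, `checkedVersion` and `render` are hypothetical helpers, and the quoting assumes a POSIX shell (it does not apply to `cmd.exe`).

```javascript
// Added example (not from the clean-release project).
// Assumption: the string returned by a function-form Script is executed through a shell.

// Strict version shape: digits.digits.digits with an optional pre-release suffix.
const SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/

// Quote a value for a POSIX shell: wrap it in single quotes and
// escape any embedded single quote as '\''.
function shQuote (value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'"
}

// Reject anything that is not a plain version before it is placed in a command.
function checkedVersion (version) {
  if (!SEMVER.test(version)) {
    throw new Error(`refusing non-semver version: ${JSON.stringify(version)}`)
  }
  return version
}

const config = {
  include: ['dist/**/*', 'LICENSE', 'package.json', 'README.md'],
  exclude: [],
  askVersion: true,
  changesGitStaged: true,
  postScript: [
    ({ version }) => `git commit -m ${shQuote(checkedVersion(version))}`,
    ({ version }) => `git tag ${shQuote('v' + checkedVersion(version))}`,
    ({ dir }) => `npm publish ${shQuote(dir)} --access public`
  ]
}

// Hypothetical helper for review: show the exact commands a given context produces.
function render (context) {
  return config.postScript.map(script => script(context))
}

// Export as a CommonJS config, like the examples above.
if (typeof module !== 'undefined') module.exports = config
```

Calling `render({ dir, version })` with a constructed context before a release shows the exact command lines without executing anything.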
FAQs
The npm package clean-release receives a total of 3 weekly downloads. As such, its popularity was classified as not popular.
We found that clean-release has an unhealthy version release cadence and project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.