Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
clean-scripts
Advanced tools
A CLI tool to make scripts in package.json clean.
yarn global add clean-scripts
create config file(named clean-scripts.config.js
or something else) like:
module.exports = {
build: "tsc",
lint: "tslint index.ts"
}
run clean-scripts build
, or clean-scripts lint
or clean-scripts build --config clean-scripts.config.js
module.exports = {
build: "tsc"
}
module.exports = {
build: [
"rimraf dist",
"tsc"
]
}
Set
or Object
scriptmodule.exports = {
build: {
js: `tsc`,
css: `cleancss -o index.bundle.css index.css`
}
}
module.exports = {
build: [
"rimraf dist",
{
js: `tsc`,
css: [
`lessc index.less > index.css`,
`cleancss -o index.bundle.css index.css`
]
}
]
}
the type of the function should be (context: { [key: string]: any }, parameters: string[]) => Promise<void>
module.exports = {
build: () => new Promise((resolve, reject) => {
setTimeout(() => {
resolve()
}, 1000)
}),
test: async () => {
// todo
}
}
The context
can be used to transfer data between different scripts.
module.exports = {
build: [
context => {
context.foo = 'abc'
return Promise.resolve()
},
context => {
console.log(context.foo) // 'abc'
return Promise.resolve()
}
]
}
The parameters
can be passed from CLI parameters
module.exports = {
build: (context, parameters) => {
console.log(parameters) // run `clean-scripts build foo bar`, got `["foo", "bar"]`
return Promise.resolve()
}
}
module.exports = {
build: [
`rimraf dist/`,
`tsc -p src/`
],
lint: {
ts: `tslint "src/**/*.ts"`,
js: `standard "**/*.config.js"`
}
}
clean-scripts build[0]
to run rimraf dist/
clean-scripts lint.ts
to run tslint "src/**/*.ts"
const { Service } = require('clean-scripts')
module.exports = {
build: [
new Service('http-server -p 8000'),
new Service('http-server', 'server2'), // the child process can be accessed by `context.server2` later
new Service('http-server -p 8000', { maximumCpu: 50, maximumMemory: 1175552 }), // if the cpu usage of this service > maximumCpu, throw an error. same to the memory usage
]
}
All services will be killed(send SIGINT
actually) after all scripts end, or any script errors.
The cpu and memory check runs every 1 second.
const { Program } = require('clean-scripts')
module.exports = {
build: [
new Program('http-server -p 8000', 10000), // the program will last at most 10 seconds, can be used to test the start process of a program
new Program('http-server -p 8000', 10000, { maximumCpu: 50, maximumMemory: 1175552 }), // if the cpu usage of this program > maximumCpu, throw an error. same to the memory usage
]
}
All programs will be killed(send SIGINT
actually) after all scripts end, or any script errors.
The cpu and memory check runs every 1 second.
const { Tasks } = require('clean-scripts')
module.exports = {
build: new Tasks([
{
name: 'build a',
script: 'yarn workspace a run build'
},
{
name: 'test a',
script: 'yarn workspace a run test',
dependencies: [
'build a'
]
},
{
name: 'build b',
script: 'yarn workspace b run build',
dependencies: [
'build a'
]
},
{
name: 'test b',
script: 'yarn workspace b run test',
dependencies: [
'build b'
]
}
])
}
the 4 tasks will be execuated in following order:
build a
build b
and test a
test b
as soon as build b
completedThis can be very useful and effective for complex or dynamic tasks.
const { sleep, readableStreamEnd, execAsync, executeScriptAsync, checkGitStatus } = require('clean-scripts')
module.exports = {
build: [
() => sleep(5000), // sleep milliseconds
async () => {
const readable = getReadableStreamSomehow()
readable.on('data', chunk => {
console.log(`Received ${chunk.length} bytes of data.`)
})
await readableStreamEnd(readable) // wait readable stream ends
},
async () => {
const { stdout } = await execAsync('git status -s') // promisified `childProcess.exec`
if (stdout) {
console.log(stdout)
throw new Error(`generated files doesn't match.`)
}
},
async () => {
await executeScriptAsync([ // support string script, array script, child script, nested script and so on
`rimraf dist/`,
`tsc -p src/`
])
},
() => checkGitStatus() // check git status
]
}
FAQs
A CLI tool to make scripts in package.json clean.
The npm package clean-scripts receives a total of 9 weekly downloads. As such, clean-scripts popularity was classified as not popular.
We found that clean-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.