
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
Read and write any config file format. Does for config files what consolidate does for templating languages.
var coherent = require('coherent');
// Extension can be left out or included, it will search for a
// supported file and a matching installed parser/stringifier
var cfile = coherent(__dirname+'/local-config');
var config = cfile.read();
config.runCount = config.runCount || 0;
config.runCount++;
cfile.write(config);
Read from formats provided by parse-formats and write to formats provided by stringify-formats. Feel free to suggest another format to support by opening an issue or pull request in those repositories.
You must install the module you are using to parse or stringify the format within your own project. This is so that coherent does not install and compile every one of them when it's installed. See the links above for lists of those modules, or check the error message coherent throws if the neccesary module is missing.
Your mileage may vary as each format and/or its parser/stringifier may lack full features.
Returns an object with .read and .write methods. Determines the extension by searching for accessible files. The opts object will extend the following defaults:
{
readFormats: require('parse-formats),
writeFormats: require('stringify-formats'),
ext: '', // Specify if you want
encoding: 'utf8', // Passed to fs functions,
parserOpts: undefined, // Additional options object to pass to the parser/stringifier
}
Synchronously reads the file and attempts to parse it. opts will extend but not modify the opts passed to the coherent().
Synchronously attempt to stringify data and write the result to the file, overriding the old file. opts will extend but not modify the opts passed to coherent().
Shorter version equivalent to coherent(path).read/.write but will search for the file each time.
MIT
FAQs
Read and write any config file format
We found that coherent demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.