Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
commently
Advanced tools
Commently Core is the underlying API package wrapped by the CLI
To use, you can simply import it into your project like so. Remember that you will still need to provide a GITHUB_TOKEN
or GH_TOKEN
, as well as a GITHUB_URL
(default to public github) in your environment to be able to comment.
import Commently from 'commently/core';
const commently = new Commently({
pr: '1234',
owner: 'GithubOrg',
repo: 'RepoName',
title: 'The Title of Your PR Comment',
key: 'unique-id'
});
commently
.autoComment('The body of your PR')
.then(response => {
console.log(symbols.success, `Successfully commented on ...}`);
console.log(response.data.html_url);
})
.catch(err => {
console.log(symbols.error, 'Oops! Something went wrong...');
console.log(err);
});
FAQs
Easily comment on github issues and PRs
The npm package commently receives a total of 13,826 weekly downloads. As such, commently popularity was classified as popular.
We found that commently demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.