Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
common-boilerplate
Advanced tools
base class for boilerplate
[![NPM version][npm-image]][npm-url] [![build status][travis-image]][travis-url] [![Test coverage][codecov-image]][codecov-url] [![David deps][david-image]][david-url] [![Known Vulnerabilities][snyk-image]][snyk-url] [![NPM download][download-image]][download-url]
use create-common-boilerplate for quick start.
$ npm init common-boilerplate
- ask question
- list all file from boilerplate paths
- render files to target dir
├── boilerplate
│ ├── lib
│ ├── test
│ ├── README.md
│ ├── _.eslintrc
│ ├── _.gitignore
│ ├── _package.json
│ └── index.js
├── test
│ └── index.test.js
├── index.js
├── README.md
└── package.json
index.js
is your Boilerplate Logic, the main entry.boilerplate/**
is your template dir, will be copy to dest.// index.js
const Boilerplate = require('common-boilerplate');
class MainBoilerplate extends Boilerplate {
// must provide your directory
get [Symbol.for('boilerplate#root')]() {
return __dirname;
}
};
module.exports = MainBoilerplate;
Inquirer is built-in to provide prompt
helper.
Add your questions:
class MainBoilerplate extends Boilerplate {
async askQuestions() {
const answers = await this.prompt([
{
name: 'name',
type: 'input',
message: 'Project Name: ',
default: () => this.locals.name, // set default from locals
},
{
type: 'list',
name: 'type',
message: 'choose your type:',
choices: [ 'simple', 'plugin', 'framework' ],
},
]);
this.setLocals(answers);
// use built-in questions
await this.askGit();
}
};
Built-in Questions:
askNpm()
: ask for name
/ scope
/ description
, and pkgName
getter.askGit()
: ask for repository
this.locals
is used to fill the teamplte, it's merge from built-in -> argv -> user's prompt answer
;
Built-in:
name
- project name, by default to git repository name
user
- user info
name
- git config user.name
email
- git config user.email
author
- ${user} <${email}>
gitInfo
- git url info
git config remote.origin.url
npm
- npm global cli name, will guest by order: tnpm -> cnpm -> npm
registry
- npm registry url, not set by defaultBuilt-in render is nunjucks.
And use micromatch to match this.templateRules
to treat as template.
this.templateRules = [ '!res/**' ];
{{name}}.test.js
is supported.boilerplate/package.json
, npm will read files
and ignore your files._
as prefix, such as _package.json
/ _.gitignore
/ _.eslintrc
this.fileMapping
Default mappings:
this.fileMapping = {
gitignore: '.gitignore',
_gitignore: '.gitignore',
'_.gitignore': '.gitignore',
'_package.json': 'package.json',
'_.eslintrc': '.eslintrc',
'_.eslintignore': '.eslintignore',
'_.npmignore': '.npmignore',
};
Provide powerful cli logger for developer, see consola for more details.
debug
is disabled by default, use --verbose
or DEBUG=
to print all logs.
this.logger.info('this is info log');
this.logger.level = 'DEBUG';
Provide httpclient for developer, see urllib for more details.
await this.request(url, opts);
Use this.requestOpts
as default request options.
Also support custom argv:
argv
will convert to camelCase, such as --page-size=1 -> pageSize
--page.size=1 -> { page: { size: '1' } }
class MainBoilerplate extends Boilerplate {
// use as `--test=123 --str=456`
initOptions() {
const options = Object.assign({}, super.initOptions());
options.test = {
type: 'string',
description: 'just a test',
};
options.str = {
type: 'string',
description: 'just a str',
};
return options;
}
};
Built-in:
--baseDir=
- directory of application, default to process.cwd()
--npm=
- npm cli, tnpm/cnpm/npm, will auto guess--registry=
- npm registry url, also support alias -r=china
, will auto guest from npm cli.--force
- force to override directory if it's not emptySupport mutli-level boilerplate, so you can share logic between boilerplates.
class ShareBoilerplate extends Boilerplate {
// must provide your directory
get [Symbol.for('boilerplate#root')]() {
return __dirname;
}
};
module.exports = ShareBoilerplate;
// child
class MainBoilerplate extends ShareBoilerplate {
// must provide your directory
get [Symbol.for('boilerplate#root')]() {
return __dirname;
}
// example for ignore some files from parent
async listFiles(...args) {
const files = await super.listFiles(...args);
files['github.png'] = undefined;
return files;
}
};
module.exports = MainBoilerplate;
Symbol.for('boilerplate#root')
to announce your root, and boilerplate
directory is required to exists at your root directory.async listFiles()
, such as ignore some files from parent.Use Coffee and assert-file.
const coffee = require('coffee');
const assertFile = require('assert-file');
const { rimraf, mkdirp } = require('mz-modules');
describe('test/index.test.js', () => {
const fixtures = path.join(__dirname, 'fixtures');
const tmpDir = path.join(__dirname, '.tmp');
beforeEach(async () => {
await rimraf(tmpDir);
await mkdirp(tmpDir);
});
it('should work', async () => {
// run cli
await coffee.fork(path.join(fixtures, 'simple/bin/cli.js'), [], { cwd: tmpDir })
// .debug()
// tell coffee to listen prompt event then auto answer
.waitForPrompt()
// answer to the questions
.writeKey('example\n')
.writeKey('ENTER')
// emit `DOWN` key to select the second choise
.writeKey('DOWN', 'ENTER')
.expect('stdout', /npm install --no-package-lock/)
.expect('stdout', /1 passing/)
.expect('code', 0)
.end();
// expect to be exists
assertFile(`${tmpDir}/.gitignore`);
// check with `includes`
assertFile(`${tmpDir}/README.md`, 'name = example');
// check with regex
assertFile(`${tmpDir}/README.md`, /name = example/);
// check whether contains json
assertFile(`${tmpDir}/package.json`, {
name: 'example',
boilerplate: {
name: 'common-boilerplate-test-project',
version: '1.0.0',
}
});
});
});
FAQs
base class for boilerplate
The npm package common-boilerplate receives a total of 1 weekly downloads. As such, common-boilerplate popularity was classified as not popular.
We found that common-boilerplate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.