connect-fonts-tools
Advanced tools
A collection of tools to create connect-fonts and npm compatible packages.
Run scripts/setup to set up generic author information that can be used to create multiple font packs.
scripts/create_fontpack creates a connect-fonts compatible font pack from the .ttf files in a source directory. If you have already run scripts/setup, creating a font pack is easy:
<path_to_connect_fonts_tools>/scripts/create_fontpack --pn <pack_name> --sp <source_path> --tp <target_path>
If the font pack is for public use, additional parameters can be specified that will be placed inside the font pack's package.json and README.md files.
<path_to_connect_fonts_tools>/scripts/create_fontpack --pn <pack_name> --ph <pack_homepage_url> --pr <pack_repo_url> --pb <pack_bugtracker_url> --sp <source_path> --tp <target_path>
Once the pack is created, it can be published to npm:
cd <font_pack_directory>
npm publish
The font pack can then be installed from npm:
npm install <pack_name>
If the font pack is not to be published to the npm repository, it can be installed to another local project directory:
cd <target_project_dir>
npm install <font_pack_directory>
scripts/subset can be used to subset an already installed font pack into fonts that are locale-optimised.
cd node_modules/<font_directory>/fonts/default
<path_to_connect_fonts_tools>/scripts/subset --ss=<subsets> --sp <font_name or .> --tp ../ -o --wf
Tools exist to create individual portions of a font pack or npm module.
create_index - create an index.js for use by connect-fonts
create_license - create LICENSE
create_package_json - create package.json for use by npm
create_readme - create README.md file that contains font, author, license and repo information.
create_webfonts - create .woff, .svg, and .eot fonts from a .ttf file
display_directory_metadata - read and display the common metadata embedded in the .ttf files in a directory
display_file_metadata - read and display the metadata embedded in a single .ttf file
normalize_filenames - normalize all the filenames. Lowercases all filenames, expands -it to -italics, removes -webfont
subset - subset a .ttf font into smaller, locale specific fonts
create_fontpack and subset make use of FontForge.
FontForge can be installed in Mac OSX with Homebrew by typing brew install fontforge.
In Linux or Windows, see the directions provided by the Open Font Library.
subset.py comes from Google Font Directory and is licensed under the Apache 2.0 license. Its authors are Raph Levien and Dave Crossland.
MOAR font packs!
Any updates to connect-fonts-tools are appreciated. All submissions will be reviewed and considered for merge.
This software is available under version 2.0 of the MPL:
subset.py, from Google Font Directory, is licensed under the Apache 2.0 license.
FAQs
Utility scripts for working with connect-fonts font packs
The npm package connect-fonts-tools receives a total of 0 weekly downloads. As such, the popularity of connect-fonts-tools was classified as not popular.
We found that connect-fonts-tools demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.