Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
contribflow
Advanced tools
Contribflow is a suite of high-level repository operations for making open source contributions easier. It's based on the git-flow branching model with modifications for the open souce workflow.
Contribflow is a set of command-line operations that aims to make the contribution process easier for both contributors and repository managers.
For contributors:
For project owners:
Contribflow requires Node.js. Make sure it's installed an up-to-date on your system, including npm.
Install the module globally with:
[sudo] npm install -g contribflow
This will make the contrib
command available to use in any project directory.
Each contrib
command will run a series of git or github commands, and may prompt the user for more info. All git commands are printed as they are run, to encourage learning of the underlying git process.
There are two main branch types that contribflow is meant to work with, based largely on the Gitflow branching model.
In these examples feature
is used, but these same commands will work with hotfix
.
When starting a new feature you run the command:
contrib feature start
First, this will ask you to name your new feature (use letters, numbers and dashes). Next, it will run a series of git commands to create a new feature branch named "feature/[name-of-feature]." You'll work in this git branch, creating git commits as needed, until you're ready to submit a pull request to the upstream project. At this point you'll run:
contrib feature submit
This will create a pull request from your feature branch to the development branch of the upstream project.
At this point the project owner may ask you to make changes. To update your pull request you simply make the changes, commit them and git push
them up to the remote copy of your feature branch (remote tracking of the branch is set up when you start the feature). This will update your pull request.
Once the owner has accepted your pull request, you can clean up your feature branch. PLEASE NOTE: THIS WILL DELETE YOUR COPY OF THE FEATURE. This is meant to clean up your local and remote branches, so make sure any changes you don't want to lose have been pulled into the parent project or another branch first.
Run the command:
contrib feature delete
coming soon
Copyright (c) 2013 Steve Heffernan Licensed under the Apache-2.0 license.
FAQs
Contribflow is a suite of high-level repository operations for making open source contributions easier. It's based on the git-flow branching model with modifications for the open souce workflow.
The npm package contribflow receives a total of 1 weekly downloads. As such, contribflow popularity was classified as not popular.
We found that contribflow demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.