Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Base code for npm-init with
npm init with
or npx create-with
.template
directoryThen, push to your github repository.
$ git push
Then, you are ready.
$ npm init with myusername/my-template
If you want it without your user name, e.g., npm init with my-template
,
it has to be under https://github.com/npm-init.
Thus, pleae create an issue for it.
npm-init.json
{
"prompts": {
"name": {
"type": "string",
"required": true,
"message": "Project Name"
},
"description": {
"type": "input",
"required": true,
"message": "Project Description"
}
},
"compile" : {
"with": "mustache",
"excludes": ["\.html$"]
},
"completeMessage": "To get started:\n cd {{name}}\n npm install\n npm start"
}
template
directorytemplate
directory can have any file including any directory.
If your file contents to be dynamic, please build it as a mustache template
e.g. package.json
{
"name": "{{name}}",
"description": "{{description}}",
"version": "0.0.0",
"main": "dist/{{name}}.umd.js
}
MIT Licensed
FAQs
`npm init with <repo-name>` base code
The npm package create-as receives a total of 0 weekly downloads. As such, create-as popularity was classified as not popular.
We found that create-as demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.