Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
create-devc
Advanced tools
Quickly add .devcontainer configuration to any JavaScript project, and more!
Quickly add .devcontainer configuration to any JavaScript project, and more!
But wait, what's a dev container?
A dev container is a full development environment packaged into a Docker container. It's ready to use, easy to update and painless to share with your team. It also brings the complete VS Code experience through the Remote Development extension pack. Dev containers can run locally on your machine, or in the cloud through services like GitHub Codespaces.
You can learn more about dev containers here or watch this introduction video series.
There are multiple ways to use the devc
tool:
npm install -g devc
npm init devc
or yarn create devc
or pnpm create devc
ng add devc
While the main use case is to generate a dev container configuration, there are also other features provided by the CLI if you install it. For example, you can run a command in a dev container (even if it's not started) or open VS Code directly in a dev container.
Usage: devc [command] [options]
Commands:
init Initialize dev container config (default command)
-s, --stack <name1, name2, ...>
Set the stack to be used (default: autodetect)
-p, --packageManager <npm|yarn|pnpm>
Set package manager (default: autodetect)
-d, --detect Force stack detection even if stack option is set
--list List available tech stacks
code [path] Open folder in a VS Code dev container
-i, --insiders Use insiders version of VS Code
shell [command] Open a shell in dev container
-e, --exec <cmd> Execute command in container shell
General options:
-v, --version Show version
--help Show this help
devc init
will create a .devcontainer
folder in the current directory with the configuration for the current project.
By default, it will detect automatically which package manager and which stack is used. You can override this by using the --packageManager
and --stack
options. Using --stack
will override the detection and only use the specified stack, but you can use --detect
to use autodetection in addition to your --stack
value.
To list available supported stacks, use devc init --list
.
Note: the base dev container configuration generated can work with any Node.js project, and it's always possible to customize it after initialization.
devc code
will open the current folder in a VS Code dev container directly.
If no path is specified, it will open the current folder. You can also use the --insiders
option to open the Insiders version of VS Code.
devc shell
will open an interactive shell in the current folder in an existing dev container.
If the dev container is not running, it will start it for the duration of your session and stop it when you exit the shell.
Using the --exec
option, you can directly execute a single command in the dev container shell, without going interactive.
Note: currently, the dev container must have been created in VS Code before you can use this command. Building the dev container from the command line is not (yet) supported.
Contributions are welcome! :heart: You can have a look at the contributing guide to learn how to contribute to this project.
0.1.0 (2022-03-08)
FAQs
Quickly add .devcontainer configuration to any JavaScript project, and more!
The npm package create-devc receives a total of 6 weekly downloads. As such, create-devc popularity was classified as not popular.
We found that create-devc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.