Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
create-from-git
Advanced tools
create-from-git
Scaffolds a new project using `git checkout` and smart, in-file string replacements. Comes with an API and CLI: `npx create-from-git`. Runs on Mac, Windows and Linux.
create-from-git
Scaffolds a new project using
git checkoutand smart, in-file string replacements. Comes with an API and CLI:npx create-from-git. Runs on Mac, Windows and Linux.
User Stories
-
As a developer of a product, I don't want to repeat myself again and again when I'm going to start a new project. I need a CLI that can copy over an arbitrary, ready-made project template from an arbitrary git repository, but don't clone it and also get the
.gitmetadata, but check it out, and simply replace everything that is namedtemplateName,template-name,template_nameorTemplateNamewith the name of my new project in all files and file names so that I don't have to do that manually again and again. -
As a developer of a framework, I need a library that can generate new projects from templates that I prepared, so that my users can use my CLI or the CLI of that tool to use my framework with ease by not starting from scratch.
Features
- ✅ Generate a new software project from scratch by using
git checkout - ✅ Agnostic to programming language, frameworks etc. pp.
- ✅ Available as a simple API and simple to use CLI
- ✅ Just
5knano sized (ESM, gizpped) - ✅ Tree-shakable and side-effect free
- ✅ Async from the ground up
- ✅ Runs on Windows, Mac, Linux, CI tested
- ✅ First class TypeScript support
- ✅ Only JS Heaven maintained dependencies
- ✅ 100% Unit Test coverage
Example usage (CLI)
npx create-from-git --from git@github.com/jsheaven/template-for-libraries --name MyNewProject
You need at least version 18 of Node.js installed.
Example usage (API, as a library)
Setup
- yarn:
yarn add create-from-git - npm:
npm install create-from-git
ESM
import { createFromGit } from 'create-from-git'
try {
const statusReport = await createFromGit({
from: 'git@github.com/jsheaven/template-for-libraries',
to: '.',
projectName: 'MyNewProject',
})
} catch (e) {
console.error('Scaffolding went wrong: ', e)
}
CommonJS
const { createFromGit } = require('create-from-git')
// same API like ESM variant
Keywords
FAQs
Scaffolds a new project using `git checkout` and smart, in-file string replacements. Comes with an API and CLI: `npx create-from-git`. Runs on Mac, Windows and Linux.
We found that create-from-git demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 07 Feb 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025