
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
create-fusion-app
Advanced tools
[](https://buildkite.com/uberopensource/fusionjs)
Creates a Fusion.js application using the command line.
If you are using Yarn:
$ yarn create fusion-app <appName>
If you are using npm:
$ npx create-fusion-app <appName>
The tool will scaffold a new project and install all dependencies into the specified project folder. To start your project, just run yarn dev
:
$ cd <appName>
$ yarn dev
Then, visit http://localhost:3000 to see your app.
The scaffold is preconfigured to use React. It also comes with common plugins already registered:
yarn dev
Compiles and runs the application in development mode.
yarn lint
Runs eslint using the provided lint rules.
yarn test
Runs tests using Jest.
yarn build
Builds a development bundle.
yarn build-production
Builds a production bundle.
yarn start
Starts the application.
For more information, visit the Fusion.js documentation at https://fusionjs.com for basic information, how-to guides, and in depth references.
FAQs
[](https://buildkite.com/uberopensource/fusionjs)
The npm package create-fusion-app receives a total of 3 weekly downloads. As such, create-fusion-app popularity was classified as not popular.
We found that create-fusion-app demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.