
create-kktp
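This is a quick way to start a project with the kktp command.
First you need Node.js, and the Node.js version must be 14 or above. (We recommend n for managing Node versions; on Windows, nvm-windows is recommended.)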
# 🚧 Note: does not work in the native shell on Microsoft Windows
# Works on Windows Subsystem for Linux and various other unix-like systems
npm install -g n
If npm is not available:
curl -L https://raw.githubusercontent.com/tj/n/master/bin/n -o n
bash n lts
# node and npm are now available
npm install -g n
$ n 18.12.1
$ n lts
$ n
node/4.9.1
ο node/8.11.3
node/10.15.0
# npm 6.x
$ npm init kktp my-app --example basic
# npm 7+, extra double-dash is needed:
$ npm init kktp my-app -- --example basic
$ yarn create kktp [appName]
# or npm
$ npm create kktp my-app
# or npx
$ npx create-kktp my-app
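Use the -e auth or --example auth option to generate one of the following examples:
└─ examples
   ├── access       # access-control example
   ├── auto-routes  # auto-generated routes example
   ├── docs         # basic documentation site example
   ├── basic        # basic example
   ├── basic-js     # basic JS example
   ├── config       # config example
   ├── mocker       # mock API example
   ├── rematch      # redux example
   └── routes       # routes example
You can view the help with --help | h.
Example downloads: http://kktjs.github.io/kkt-pro/zip/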
Usage: create-kktp <app-name> [options] [--help|h]
Options:
--version, -v Show version number
--help, -h Displays help information.
--output, -o Output directory.
--example, -e Example from: http://kktjs.github.io/kkt-pro/, default: "auto-routes"
--path, -p Specify the download target git address.
default: "http://kktjs.github.io/kkt-pro/"
Example:
yarn create kktp appName
npx create-kktp my-app
npm create kktp my-app
npm create kktp my-app -f
npm create kktp my-app -p http://kktjs.github.io/kkt-pro/zip/
Copyright 2023
Licensed under the MIT License.
FAQs
Creates a kktp application using the command line.
The npm package create-kktp receives a total of 1 weekly downloads. As such, create-kktp popularity was classified as not popular.
We found that create-kktp demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.