
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
create-stride-app
Advanced tools
Inspired by create-react-app, this gives you a great Stride app development and deployment experience out of the box.
$ yarn create stride-app my-app
$ cd my-app
$ npm start
# npm also supported
$ npm install -g create-stride-app && create-stride-app my-app
developer.atlassian.com
during startup so you don't have to copy your ngrok URL each time (development mode only)src/routes/*.js
src/client/*.js
(supports React and Flow)stride-scripts build
command produces an optimized production build of your appTo run in dev mode, just npm run start
. This will compile your code, set up the Express server and ngrok tunnel, and watch for changes.
You should set the APP_CLIENT_ID
and APP_CLIENT_SECRET
environment variables, which are available at https://developer.atlassian.com/apps
APP_CLIENT_ID=... APP_CLIENT_SECRET=... npm run start
It can be tedious to update developer.atlassian.com with your new ngrok URL each time you run npm start
, so create-stride-app
has an opt-in feature which will do it for you!
Just set the following environment variables:
APP_ID_DEV
- get this from https://developer.atlassian.com/apps/<app-id>
(make sure it's your development app not your prod app!)DAC_ATL_SESSION_COOKIE
- get this from the atl_session
cookie set after you're logged in to developer.atlassian.comOnce you're ready to deploy, just npm run build
to produce an optimized /build
directory with everything you need to deploy.
FAQs
Get a Stride app up and running in a few clicks.
The npm package create-stride-app receives a total of 1 weekly downloads. As such, create-stride-app popularity was classified as not popular.
We found that create-stride-app demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.