Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
create-whatever
Advanced tools
The smartest
create-
app template generator.
Let's create create-greet
package in four steps.
yarn create whatever
yarn create whatever create-greet --template typescript
or if you use npm
, then run npm create create-greet
cd create-greet
and edit files inside templates/default
.
Run yarn build
or npm run build
to transpile TypeScript into JavaScript.
Run yarn publish
or npm publish
to publish your create-
app to npm.
yarn create greet ohayo
Edit files inside templates/default
. File names, directory names, and text files will be processed through Handlebars template engine to replace all template strings with respective value.
{{name}}
package name{{description}}
package description{{author}}
author name{{email}}
author email{{contact}}
author name formatted with {{name}} <{{email}}>
if email given, otherwise {{name}}
{{license}}
package license (e.g. MIT
){{year}}
current year (e.g. 2020
)upper
Output text in UPPERCASE.
{{upper name}}
becomes CREATE-REACT-APP
.
lower
Output text in lowercase.
{{lower name}}
becomes create-react-app
.
camel
Output text in camelCase.
{{camel name}}
becomes createReactApp
.
capital
Output text in CapitalCase.
{{capital name}}
becomes CreateReactApp
, and {{capital name space=true}}
becomes Create React App
.
snake
Output text in snake_case.
{{snake name}}
becomes create_react_app
.
kebab
Output text in kebab-case.
{{kebab name}}
becomes create-react-app
.
uuid
Generates unique UUID string.
{{uuid}}
{{upper (uuid)}}
You can find the app config in src/cli.ts
.
import {resolve} from 'path';
import {create} from 'create-whatever';
create('create-greet', {
templateRoot: resolve(__dirname, '../templates'),
extra: {
language: {
type: 'input',
describe: 'greeting language',
default: 'en',
prompt: 'if-no-arg',
},
},
caveat: `Your app has been created successfuly!`,
});
templateRoot
set to path.resolve(__dirname, '../templates')
. You can change it to whereever you want.
extra
object | undefined
Extra options passed to the app. These options will be accessible as a cli option, interactive question, and template string. In this case, --language
cli option and {{language}}
template string will be available.
You can find all possible options in yargs-interactive documentation.
caveat
string | ((options: AfterHookOptions) => string | void) | undefined
The caveat message will be shown after the entire process completed.
create('create-greet', {
caveat: 'Happy coding!',
});
create('create-greet', {
caveat: ({ answers }) => `Run -> cd {answers.name} && make`,
});
create('create-greet', {
caveat: async ({ answers }) => {
const pkg = answers.plugin;
await execa('yarn', ['add', plugin]);
console.log(`${plugin} has been added`);
},
});
{
// variables
packageDir: string;
templateDir: string;
year: number; // 2020
answers: {
name: string; // package name
description: string; // description
author: string; // John Doe
email: string; // john@example.com
contact: string; // John Doe <john@example.com>
license: string; // MIT
[key: string]: string | number | boolean | any[]; // any values defined in the `extra` field.
};
// functions
run: (command: string, options?: CommonOptions<string>) => ExecaChildProcess<string>; // run shell command in the package dir
installNpmPackage: (packageName: string) => Promise<void>; // use yarn if available
}
after
(options: AfterHookOptions) => void
After hook script that runs after the initialization.
PRs are always welcome!
FAQs
create 'create-' app
We found that create-whatever demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.