Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
This project is a prototype package management system for the Csound programming language. It is an attempt to enable easy re-use of CSD and UDO files using a centralised repository (living on Github).
Both UDOs and CSD files are accessible by creating an appropriate package for the component, creating a repository and release on Github and by adding the entries to the cspm-registry.
CSPM is available from the npm registry and can be installed globally with the following command.
npm install -g cspm
A UDO package may be initialised either inside of an empty directory or a directory containing a .udo or .csd file. This is done using the the following commands.
cspm init udo
or
cspm init csd
This will initialise a setup guide to create a UDO or CSD cspm.json file. If the cspm.json already exists the setup script will try to ascertain information about the module such as name and the various inputs/outputs/macros. If not, these can be manually specified using the command prompt.
For both UDOs and CSDs the init command creates a csp.json file containing the name, version, author, email and description information. For UDOs the various inputs and outputs are also enumerated. For each input/output the name, type, rate, description, maximum and minimum values are also recorded. For CSDs the macros within the file are enumerated and a description of each macro may also be provided.
A list of available packages must be downloaded from the CSPM registry using the update command before packages can be downloaded. This can be done using the following command:
cspm update
If a csp.json file exists inside of a package a README.md file may be generated automatically from the data by invoking:
cspm build readme
No other build commands are implemented at this time.
Packages may be installed globally using the following command:
cspm install -g MyGreatPackage
Packages are installed to the directory specified as Csound's INCDIR environmental variable, this variable must be specified or the installation of packages will fail. If a package to be install contains dependencies, these dependencies will also be installed.
Installing packages locally (e.g in arbitrary folders) is currently unimplemented.
Installed csd packages may be linked to the /usr/local/bin path enabling the calling of csd files in a similar fashion to bash scripts. Arguments may be passed to csd files if the csd file contains defined macros, the script will prompt for the macro values when it have been run, csd packages may be linked using the link command:
cspm link MyGreatPackage
The csd may then be invoked using the following command:
MyGreatPackage arg1 arg2 ... argN
If arguments are needed for the specified macros the script will prompt the user to enter each one, if the script is already given the correct number of arguments it will just run normally.
CSPM currently supports downloading packages from Github. Packages may be added to CPSM by first creating a repository for the UDO or CSD file, creating the relevant csp.json and README.md files and tagging a release for the package. Secondly the package must be added to the cspm-registry located at https://github.com/eddyc/cspm-registry.
The cpsm-registry is a single json file that catalogues every available package to CSPM. Each package information object added to the CSPM registry must contain the following keys and values:
Key | Value |
---|---|
release | The release tag (e.g. 1.0.0) |
dependencies | The packages this package depends on, if any |
description | A brief description of the package |
type | The package type, csd or udo |
location | Where the package is located, currently only github is supported |
FAQs
Package management and build tool for the Csound language
The npm package cspm receives a total of 10 weekly downloads. As such, cspm popularity was classified as not popular.
We found that cspm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.