darq-publisher
Automates the publication of `truffle` nightly & experimental builds to NPM.
The default builds are `develop` and `next` (tagged as `@latest` and `@next` respectively).
You can also specify arbitrary builds/tags at the command line. The tool installs, checks out, and symlinks `truffle` at a branch, then builds and publishes it to the tag.
npm install -g darq-publisher
$ darq-publisher
Usage: darq-publisher --default | --branch <branch> --tag <tag> [--step <semver-step> --root <base-branch>]
Options:
-d, --default Publish default branches listed in darq.json
-b, --branch <required> Branch to checkout before publishing
-t, --tag <required> Tag to publish branch as
-r, --root [optional] Base branch to checkout before `branch`
-s, --step [optional] Semver step to increment version: (defaults to `prerelease`)
-v, --verbose Show shell command output
-h, --help output usage information
# Publish `darq-truffle@latest` and `darq-truffle@next`
$ darq-publisher --default
# Publish branch `ghosts` as `darq-truffle@casper`
$ darq-publisher --branch ghosts --tag casper
# Publish branch `witches` using base-branch `next` as `darq-truffle@wendy`
$ darq-publisher --root next --branch witches --tag wendy
When there are no real releases, do nothing. `darq-truffle` auto-increments a pre-release.
When there is a real release, semver will look like this:
4.1.5 # Real truffle
4.1.5-latest.2 # darq truffle
Increment a step up by running twice as below:
darq-publisher --branch develop --tag latest --step patch # Increments darq-truffle to 4.1.6
darq-publisher --branch develop --tag latest # Increments darq-truffle to 4.1.6-latest.0
(This takes about 10 minutes.)
FAQs
CLI utility to publish Truffle nightlies to NPM
The npm package darq-publisher receives a total of 1 weekly download. As such, darq-publisher's popularity was classified as not popular.
We found that darq-publisher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.