Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Degit is a straightforward tool for cloning repositories from GitHub, GitLab, and Bitbucket without including the entire git history. It is particularly useful for quickly setting up new projects from templates.
Clone a repository
This feature allows you to clone a repository from GitHub, GitLab, or Bitbucket. The cloned repository will not include the git history, making it a clean copy suitable for starting new projects.
degit('user/repo')
Clone a specific branch
This feature allows you to clone a specific branch of a repository. This is useful when you want to start a project based on a particular branch rather than the default branch.
degit('user/repo#branch-name')
Clone a repository to a specific directory
This feature allows you to specify a destination directory for the cloned repository. This is useful for organizing your projects in a specific directory structure.
degit('user/repo', { dest: 'path/to/destination' })
The git-clone package is a simple utility for cloning git repositories. Unlike degit, it includes the entire git history, making it suitable for situations where you need the full commit history.
The download-git-repo package allows you to download a git repository from GitHub, GitLab, or Bitbucket. It is similar to degit but offers more flexibility in terms of authentication and custom headers.
The ghrepo package is a tool for managing GitHub repositories. It offers functionalities like cloning, creating, and deleting repositories. While it provides more features than degit, it is more complex and may not be as straightforward for simple cloning tasks.
degit makes copies of git repositories. When you run degit some-user/some-repo
, it will find the latest commit on https://github.com/some-user/some-repo and download the associated tar file to ~/.degit/some-user/some-repo/commithash.tar.gz
if it doesn't already exist locally. (This is much quicker than using git clone
, because you're not downloading the entire git history.)
Requires Node 8 or above, because async
and await
are the cat's pyjamas
npm install -g degit
The simplest use of degit is to download the master branch of a repo from GitHub to the current working directory:
degit user/repo
# these commands are equivalent
degit github:user/repo
degit git@github.com:user/repo
degit https://github.com/user/repo
Or you can download from GitLab and BitBucket:
# download from GitLab
degit gitlab:user/repo
degit git@gitlab.com:user/repo
degit https://gitlab.com/user/repo
# download from BitBucket
degit bitbucket:user/repo
degit git@bitbucket.org:user/repo
degit https://bitbucket.org/user/repo
# download from Sourcehut
degit git.sr.ht/user/repo
degit git@git.sr.ht:user/repo
degit https://git.sr.ht/user/repo
The default branch is master
.
degit user/repo#dev # branch
degit user/repo#v1.2.3 # release tag
degit user/repo#1234abcd # commit hash
If the second argument is omitted, the repo will be cloned to the current directory.
degit user/repo my-new-project
To clone a specific subdirectory instead of the entire repo, just add it to the argument:
degit user/repo/subdirectory
If you have an https_proxy
environment variable, Degit will use it.
Private repos can be cloned by specifying --mode=git
(the default is tar
). In this mode, Degit will use git
under the hood. It's much slower than fetching a tarball, which is why it's not the default.
Note: this clones over SSH, not HTTPS.
degit --help
Pull requests are very welcome!
git clone --depth 1
?A few salient differences:
git clone
, you get a .git
folder that pertains to the project template, rather than your project. You can easily forget to re-init the repository, and end up confusing yourself.tar.gz
file for a specific commit, you don't need to fetch it again).degit user/repo
instead of git clone --depth 1 git@github.com:user/repo
)You can also use degit inside a Node script:
const degit = require('degit');
const emitter = degit('user/repo', {
cache: true,
force: true,
verbose: true,
});
emitter.on('info', info => {
console.log(info.message);
});
emitter.clone('path/to/dest').then(() => {
console.log('done');
});
You can manipulate repositories after they have been cloned with actions, specified in a degit.json
file that lives at the top level of the working directory. Currently, there are two actions — clone
and remove
. Additional actions may be added in future.
// degit.json
[
{
"action": "clone",
"src": "user/another-repo"
}
]
This will clone user/another-repo
, preserving the contents of the existing working directory. This allows you to, say, add a new README.md or starter file to a repo that you do not control. The cloned repo can contain its own degit.json
actions.
// degit.json
[
{
"action": "remove",
"files": ["LICENSE"]
}
]
Remove a file at the specified path.
MIT.
FAQs
Straightforward project scaffolding
The npm package degit receives a total of 247,300 weekly downloads. As such, degit popularity was classified as popular.
We found that degit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.