deployignore
[![npm version](https://badge.fury.io/js/deployignore.svg)](https://badge.fury.io/js/deployignore)
Deployignore is a package that uses one command, `deployignore`, to delete a list of files or folders that you specify in a file called `deployignore.json`. Keep `deployignore.json` at the root of your project and commit it to source control. When you're ready to deploy your project, simply run the `deployignore` command in your project directory as part of your CI or other deployment script. This will delete the files and folders in your `deployignore.json` file.
To install Deployignore:

1. Install Node and npm if you haven't already.
2. Install Deployignore via npm:

   ```
   npm install -g deployignore
   ```
3. Create a `deployignore.json` file:

   ```
   touch deployignore.json
   ```

   See the example `deployignore.json` file below to see what goes in that file.

Running `deployignore` in your project directory with an empty `deployignore.json` file should return an exit code of 0.

Here's an example `deployignore.json` file:
```json
[
  "file1.txt",
  "subdir/subsubdir/file2.txt",
  "file3.txt",
  "subdir/byebyedir"
]
```
You can run Deployignore anywhere in your project:

```
~/my-project $ deployignore
~/my-project/bin/models $ deployignore
```

(both of these work)

Verbose mode gives extra information:

```
~/my-project $ deployignore --verbose
```
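Because the command deletes whatever `deployignore.json` lists, a CI job can run a pre-flight check first to confirm that each entry is a relative path that stays inside the project root. This is an added example, not code from the deployignore package; `checkDeployignore`, the root directory and the sample paths are assumptions made for illustration.

```javascript
// Added example: pre-flight check for deployignore.json. Not part of the
// deployignore package; checkDeployignore is a hypothetical helper name.
const path = require('path');

// Returns a list of problems; an empty list means every entry is a relative
// path that resolves strictly inside rootDir (assumed: the directory that
// holds deployignore.json).
function checkDeployignore(jsonText, rootDir) {
  // The README says an empty file exits 0, so treat it as an empty list.
  if (jsonText.trim() === '') return [];
  let entries;
  try {
    entries = JSON.parse(jsonText);
  } catch (err) {
    return [`not valid JSON: ${err.message}`];
  }
  if (!Array.isArray(entries)) return ['top level must be an array of paths'];

  const root = path.resolve(rootDir);
  const problems = [];
  entries.forEach((entry, i) => {
    if (typeof entry !== 'string' || entry.trim() === '') {
      problems.push(`entry ${i}: not a non-empty string`);
    } else if (path.isAbsolute(entry)) {
      problems.push(`entry ${i}: absolute path "${entry}"`);
    } else {
      // Resolve "." and ".." segments, then compare against the root.
      const rel = path.relative(root, path.resolve(root, entry));
      if (rel === '') {
        problems.push(`entry ${i}: "${entry}" is the project root itself`);
      } else if (rel === '..' || rel.startsWith('..' + path.sep)) {
        problems.push(`entry ${i}: "${entry}" escapes the project root`);
      }
    }
  });
  return problems;
}

// Constructed sample input (not from the package): one good entry, four bad.
const sample = JSON.stringify(
  ['file1.txt', '../outside.txt', '/etc/hosts', 'subdir/..', 42]);
const sampleProblems = checkDeployignore(sample, '/srv/my-project');
console.log(sampleProblems.join('\n'));
```

In a pipeline, fail the job when the returned list is non-empty and only then invoke `deployignore`.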
The npm package deployignore receives a total of 4 weekly downloads. As such, its popularity was classified as not popular.
We found that deployignore has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.