New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

dev-workflows

Package Overview
Dependencies
Maintainers
1
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dev-workflows

CLI that compiles developer rules into editor-specific config files

Source
npmnpm
Version
0.2.0
Version published
Weekly downloads
24
500%
Maintainers
1
Weekly downloads
 
Created
Source

dev-workflows

npm version license docs

Define AI coding rules once. Compile to CLAUDE.md, .cursor/rules, GEMINI.md.

AI coding tools (Claude Code, Cursor, Gemini CLI) each use different config files for project rules. dev-workflows lets you define rules once in YAML and compile them to each tool's native format. No duplication, no drift.

Quick start

npx dev-workflows init
devw add typescript-strict
devw compile

Requires Node.js >= 22.

Usage

devw init                        # set up .dwf/ in your project
devw add typescript-strict       # install a rule block
devw compile                     # generate CLAUDE.md, .cursor/rules, GEMINI.md

What it generates

Running devw compile produces tool-specific files with your rules between markers:

<!-- BEGIN dev-workflows -->
- Never use `any`. Use `unknown` when the type is truly unknown.
- Always declare explicit return types on exported functions.
- Prefer union types over enums. Use `as const` objects when you need runtime values.
<!-- END dev-workflows -->

Content outside the markers is preserved — your manual notes stay intact.

Available blocks

BlockDescription
typescript-strictStrict TypeScript conventions (no any, explicit returns)
react-conventionsHooks rules, component patterns, naming
nextjs-approuterApp Router patterns, RSC, server actions
tailwindUtility-first CSS conventions and design tokens
testing-basicsTest naming, AAA pattern, mock boundaries
supabase-rlsRow-Level Security enforcement and auth patterns

Commands

CommandDescription
devw initInitialize config in current project
devw compileCompile rules to editor-specific formats
devw add <block>Install a rule block
devw remove <block>Remove an installed block
devw listList available blocks and rules
devw doctorValidate configuration

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT

Keywords

cli
developer-workflows
rules
editor
claude
cursor

FAQs

Package last updated on 08 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

Security News

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.

By Sarah Gooding  -  Apr 11, 2026
Don't Kill the Goose That Lays the Golden Eggs

Security News

Don't Kill the Goose That Lays the Golden Eggs

Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.

By Sarah Gooding  -  Apr 10, 2026
Feross on TBPN: How North Korea Hijacked Axios

Security News

Feross on TBPN: How North Korea Hijacked Axios

Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.

By Sarah Gooding  -  Apr 08, 2026