Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A Node module and CLI for generating versions according to the Drone-Ver specification (a.k.a. the best way to version something).
If you have not read the drone-ver specification yet, why not? It's required reading for this module. Go and read it now. Do not pass Go. Do not use Go. Do not collect $200.
...
...
OK, all caught up now? Excellent, let us proceed.
The simplest way to use drone-ver is via the command line.
npm install -g drone-ver
cd /path/to/your/node/project
drone-ver
This will ask you some important questions to generate a valid Drone Version, then optionally save it to your package.json
under the "droneVersion"
key. It will also query GitHub for some of the data so, um, make sure you have a network connection, I guess?
For more control over the version, you can include Drone-Ver as a dependency.
npm install --save-dev drone-ver
Include it like any other module.
var droneVer = require('drone-ver');
Create a new Drone Version with your own data.
var version = droneVer.create({
major: 3,
mood: 'whimsical',
issues: 183,
social: 5,
dictionary: 'random',
unixtime: Math.floor(Date.now() / 1000)
});
All data properties are optional. You're not allowed to specify the last part of the version — it is always 7.
The return value is an object with data properties for the parts of the version. But you're probably just going to want the full version string.
version.major; // 3
version.mood; // 'whimsical'
version.seven; // 7
version.toString(); // '3.whimsical.183.5.random.1446168078.7'
Parse a Drone Version string into an object with its component parts (as returned by .create()
).
var version = droneVer.parse('3.whimsical.183.5.random.1446168078.7');
version.mood; // 'whimsical'
version.issues; // 183
It will rightly complain if you try to give it a so-called "semantic" version.
var version = droneVer.parse('2.1.5');
// TypeError: Woah, that version looks a bit too sensible to me
Compares two Drone Versions (either strings or objects). Return value:
-1
if version1
is lower than version2
0
if the versions are equal1
if version1
is higher than version2
Comparison is done on the unixtime
portion of the version, as defined by point 7 of the specification. If you want the MORE EXCITING comparison, pass {moreExciting: true}
as the options
parameter, and it will compare the versions based on their dictionary
portions.
var version1 = '1.sleepy.0.0.calamitous.1437363538.7';
var version2 = '2.joyous.0.0.armadillo.1446532221.7';
droneVer.compare(version1, version2); // -1
droneVer.compare(version1, version2, {moreExciting: true}); // 1
Pfft, why wouldn't you?
You are within a labyrinth. At the exit gate are two guards. One always answers "yes" and the other always answers "no". You must choose which one to believe.
Alternatively, go find an ice cream to eat, or something. Sorry, what was the question again?
Thanks to Curtis Lassam for writing Cube Drone and the original Drone-Ver.
Oh, and for Horse Drawing Tycoon.
FAQs
Drone Versioning made easy, but not more sensible.
The npm package drone-ver receives a total of 1 weekly downloads. As such, drone-ver popularity was classified as not popular.
We found that drone-ver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.