Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Readme
Elm is a functional programming language that compiles to JavaScript.
Head over to The Official Guide to start learning Elm!
For normal installs, I reccomend using the instructions here instead. This package is only for people who enjoy using npm
even when it is not necessary, or for people who want to use npm
for certain scenarios such as:
Multiple versions
People using Elm at work may use different versions of Elm in different projects. They can run npm install elm@latest-0.19.1
in each project and use the binary at ./node_modules/.bin/elm
for compilation.
Continuous integration
The npm
installer works for this, but there are faster and more reliable options:
elm
directly from GitHub with this script. This allows you to skip npm
entirely.That said, it works to use the npm
installer on CI if you prefer that option.
The following command should download the latest Elm 0.19.1 binary:
npm install elm@latest-0.19.1
You should be able to run ./node_modules/bin/elm --version
within your project and see 0.19.1
. Now you can compile with ./node_modules/bin/elm make src/Main.elm
and not disrupt other packages.
Use npm install elm@latest-0.19.0
or npm install elm@latest-0.18.0
for earlier versions.
Note: The latest-X.Y.Z
convention is used in case we need to publish patches for the npm
installer within a given Elm release. For example, say npm
decides that some transitive dependency is not secure. Nothing is changing about Elm or the binaries, but we need to publish a new npm
installer that fixes this issue.
FAQs
Installer for Elm: just downloads the binary into node_modules
The npm package elm receives a total of 27,286 weekly downloads. As such, elm popularity was classified as popular.
We found that elm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.