Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ember-cli-ecosystem-installer
Advanced tools
Tool to install/uninstall the ecosystem packages.
The idea is to define an LTS file that will contain all the packages that are part of the ecosystem you are trying to build. The installer will prompt the user to choose the ecosystem packages to install/uninstall and choose the application specific packages (all the packages that are not included in the ecosystem) to keep/uninstall.
What problems is this application solving?
If you answered yes to any of the questions then maybe this application is for you.
You need to follow a few steps to use this tool:
Note: This tool doesn't contain any LTS ecosystem file. You will have to create one.
You can follow the steps to create an addon that will contain your LTS ecosystem file and use the installer to install the ecosystem.
Create an Ember addon to contain your LTS ecosystem file
We recommend to add this addon to a repository to be able to version your LTS ecosystem file.
Add an LTS file (lts.json
) at the root of your new addon and add the ecosystem content (File format)
Add the following keyword in your package.json: ember-cli-ecosystem-lts
"keywords": [
...
"ember-cli-ecosystem-lts",
...
],
Create a blueprint for your addon
ember g blueprint <addon-name>
Go to /blueprints/<addon-name>/index.js
and add the following
...
normalizeEntityName: function () {
// this prevents an error when the entityName is
// not specified (since that doesn't actually matter
// to us
},
afterInstall: function () {
return this.addAddonsToProject({ packages: [{name: 'ember-cli-ecosystem-installer'}] })
}
...
Once these steps are done you will simply have install your addon in the target application:
cd <your-application>
ember install <addon-name>
This command will do the following:
lts.json
file.ember-cli-ecosystem-installer
tool.package.json
file of your target application and get the name of all the packages that contains the
keyword ember-cli-ecosystem-lts
lts.json
file for each package that contains that keyword and merge all the LTS files. The
merged result is the LTS ecosystem content.It's important to respect the lts.json
file format for this installer to work properly.
You can specify a package that is part of the ecosystem like this
{
"package-name": "target"
}
You can specify a group of packages that is part of the ecosystem like this
{
"group-name": {
"packages": {
"package-name-1": "target1",
"package-name-2": "target2",
}
}
}
Every packages and group are optional by default. You can specify mandatory packages/groups like this
{
"mandatory": {
"package-name": "target",
"group-name": {
"packages": {
"package-name-1": "target1",
"package-name-2": "target2",
}
}
}
}
In the following example the package1
and group1
are mandatory and package4
and group2
are optional.
A group is install or uninstall in totality. You cannot install individual pieces of a group.
{
"mandatory": {
"package1": "1.0.0",
"group1": {
"packages": {
"package2": "~1.0.0",
"package3": "^1.0.0",
}
}
},
"package4": "2.1.2",
"group2": {
"packages": {
"package5": "1.2.20"
}
}
}
Yes, you can create an addon that will have an lts.json
file let's call this addon James
. Then you can create an addon
that will have an lts.json
file let's call this other addon Bond
. We can use the same procedure define above to create
the ecosystem. The only difference is the blueprint's content.
James's blueprint
...
afterInstall: function () {
return this.addAddonsToProject({ packages: [{name: 'ember-cli-ecosystem-installer'}] })
}
...
Bond's blueprint
...
afterInstall: function () {
return this.addAddonsToProject({ packages: [{name: 'James'}] })
}
...
You are getting something like this:
Bond ---depend---> James ---depend---> ember-cli-ecosystem-installer
Then you can install Bond
ember install Bond
Bond will be installed and the lts.json
file from Bond will be copied. Then James will be installed and the
lts.json
file from James will be copied. Then the installer will be installed and it will merge the file
from Bond and James and start the installation of the ecosystem which will contain the content of James's LTS file and
Bond's LTS file.
git clone git@github.com:ciena-blueplanet/ember-cli-ecosystem-installer.git
cd ember-cli-ecosystem-installer
npm install && bower install
Run npm run test
from the root of the project to run linting checks as well as execute the test suite
and output code coverage.
There is a few basic concepts to understand before adding features/fixing issues on this tool.
We will create groups based on the content of the files. All the single packages
(optional and mandatory) like "my-package": "1.0.0"
will be converted in groups containing a single package. We
are doing this to simplify and standardize the handling of groups and single package.
We are getting the state of the groups based on the state of the packages that composed that group. Here is a table with the expected states:
The operations/actions we are doing on a package/group depends on the step and on the selection.
In the first step, LTS features install/uninstall
In the second step, application specific packages keep/uninstall (packages not in the LTS)
2.0.16
No CHANGELOG section found in Pull Request description.
Use a # CHANGELOG
section in your Pull Request description to auto-populate the CHANGELOG.md
FAQs
Tool to install/uninstall the LTS ecosystem packages
The npm package ember-cli-ecosystem-installer receives a total of 1 weekly downloads. As such, ember-cli-ecosystem-installer popularity was classified as not popular.
We found that ember-cli-ecosystem-installer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.