⚠️ This is a very early stage of the project. I've put it together in literally a few hours. Use at your own risk.
This is a framework for easily creating a set of tests to ensure that the environment is set up correctly.
It's kinda like ESLint, but for testing your environment.
yarn add envdoctor -D
First you have to create a configuration file.
Let's use .doctorrc.js, as in the example/ folder:
module.exports = {
  extends: ["essentials"],
  rules: {
    "yarn-version": [2, "1.9.0"],
    "node-version": [2, "v8"]
  }
};
For essentials, please install the envdoctor-config-essentials package.
Then we can add a script to package.json:
...
"scripts": {
  "doctor": "doctor"
},
...
Now you should be able to run
yarn run doctor
and you would get (if you pass the test :) )
✔ Check Node version
✔ Check Yarn version
You can use a name (string), which should match an installed package. We'll try to load envdoctor-config-<yourname> first, then fall back to the full name.
You can also pass your own configuration as an object, for example:
extends: ["essentials", require("./doctor")]
See the /example implementation for more details.
Every defined rule is automatically checked. You can change this with the syntax
"yarn-version": 0, // disable rule; [0], "off", "disable" act the same
or you can change the severity of the rule to "warn" with
"yarn-version": [1, "1.9.0"], // you can also use "warn"; ["warn"] acts the same
This is actually very similar to the example above:
function ownRuleImplementation(arg) {
  return "Failed Hello " + arg;
}
ownRuleImplementation.description = "This is just example";
...
rules: {
  "own-rule": [2, "World", ownRuleImplementation],
  ...
}
The static description field can also be a function, which gets the same arguments as the check itself. This can be convenient for generic checks. (Check the testPort.js implementation in /example.)
As you can see, if the function returns a string, it means the check failed and the string is used as the reason. To pass the check, return undefined or boolean true.
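The rule contract described above, as an added example (not envdoctor's own code): one generic rule with a function-valued description and one fixed rule that flags disabled TLS verification. The names requireEnvVar, tlsVerificationOn, evaluate, the rule keys and the optional second `env` parameter are hypothetical; `evaluate` is a local stand-in that applies only the return-value contract, not envdoctor's runner.

```javascript
// Added example, not envdoctor's own code. All names here are hypothetical.

// Generic rule: fail when a required environment variable is missing or empty.
// Assumption: envdoctor passes only the configured argument; the second
// parameter exists so the rule can be exercised against a constructed env.
function requireEnvVar(name, env = process.env) {
  const value = env[name];
  if (value === undefined || value.trim() === "") {
    return name + " is not set"; // string => check failed, used as the reason
  }
  return undefined; // undefined (or true) => check passed
}
// Function-valued description: receives the same argument as the check.
requireEnvVar.description = (name) => "Check " + name + " is set";

// Fixed rule (argument unused): flag an environment in which Node.js TLS
// certificate verification has been switched off.
function tlsVerificationOn(_arg, env = process.env) {
  return env.NODE_TLS_REJECT_UNAUTHORIZED === "0"
    ? "NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate verification"
    : true;
}
tlsVerificationOn.description = "Check TLS certificate verification is enabled";

// In .doctorrc.js this object would be assigned to module.exports.
const config = {
  rules: {
    "node-env-set": [2, "NODE_ENV", requireEnvVar],
    "tls-verification": [1, null, tlsVerificationOn], // severity 1 = warn
  },
};

// Local stand-in for the runner (assumption): a string result is a failure
// reason, anything else passes; the description may be a string or a function.
function evaluate([severity, arg, check], env) {
  const result = check(arg, env);
  const label = typeof check.description === "function"
    ? check.description(arg)
    : check.description;
  return typeof result === "string"
    ? { label, passed: false, severity, reason: result }
    : { label, passed: true, severity };
}
```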
A configuration is basically a JSON object which defines the rules. Check the envdoctor-config-essentials implementation for an example.
FAQs
The framework for various tests / checks in the current environment
The npm package envdoctor receives a total of 5 weekly downloads. As such, envdoctor popularity was classified as not popular.
We found that envdoctor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.