Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
flex-plugin-scripts
Advanced tools
Scripts to run, build, and deploy Flex plugin.
Deprecation Notice: These scripts are deprecated and no longer recommended to be used. Please head over to Twilio CLI's Flex Plugins integration on how to use Plugin Builder.
This repo will automatically be installed as part of creating a new plugin.
All scripts can run with DEBUG=1
for a more verbose mode. You may also use TRACE=1
for an even more verbose mode.
Plugin Builder is built using Webpack.js and uses Jest for testing. For users, they will not need to modify any of the Webpack/Jest configurations. For those who do, you can have full control over the Webpack/Jest!
Create a *.config.js
in the root directory of your application. For Jest, create a jest.config.js
. For Webpack, create a webpack.config.js
. For Webpack DevServer, create a webpack.dev.js
. Each of these configurations file should be of the format below:
module.exports = (config, { isProd, isDev, isTest }) => {
/**
* Modify the configuration and then return it
*/
return config;
}
The deploy
script is used to build and deploy your Flex plugin directly to Twilio Assets using the Serverless API.
Usage:
npm run deploy -- {options}
The script will build and deploy your plugin to Twilio Assets using Serverless API. Please note that your AccountSid and AuthToken are required to use this script.
--public
By default, plugins are uploaded as Private plugin. A plugin can be uploaded as Public by setting the --public
flag:
npm run deploy -- --public
Plugin Builder v3 stores your credentials locally in your keychain so you do not have to re-enter your credentials every time. If you like to provide a new set of AccountSid / AuthToken, you may set them as environmental variables before invoking the deploy command:
TWILIO_ACCOUNT_SID=ACxxx TWILIO_AUTH_TOKEN=abc123 npm run deploy
This will use the newly provided credentials and save them in the keychain as well. If you have multiple accounts saved in the keychain, you will be prompted to select on at runtime:
? Select from one of the following Account Sids (Use arrow keys)
❯ AC0000000000000000000000000000000
AC0000000000000000000000000000001
AC0000000000000000000000000000002
Invoking with the TWILIO_ACCOUNT_SID environmental variable, however, will remove this step and the script will use the provided account.
The build
script bundles your plugin into a single minified JavaScript file.
Usage:
npm run build
The test
scripts run your unit tests using jest
.
Usage:
npm run test
The start
scripts sets up the server locally so you develop your Flex plugin in real-time.
Usage:
npm run start
By the default, the script will try to start a server on port 3000, or the first available port larger than 3000. You can provide a custom port using the PORT
environmental variable:
PORT=4000 npm run start
The remove
script removes/delete the the plugin permanently.
Usage:
npm run remove
The info
script provides information about your plugin, including the version of important packages that are currently installed.
Use this script to provide information to the Twilio support team whenever you are having an issue with your plugin-builder.
Usage:
npm run info
Make sure to follow the instructions in the main repository to set up the project.
# Install dependencies and link local packages with each other
cd packages/flex-plugin
npx lerna bootstrap
# Run tests
npm test
# To use your local package in a different project
npm link
# then in a different project
npm link flex-plugin
Thank you to all the lovely contributors to this project. Please check the main repository to see all contributors.
FAQs
Scripts to run, build and deploy Flex plugins
We found that flex-plugin-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.