Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
foso-cdn
Advanced tools
Readme
A webservice that dishes out files from npm packages.
Inspired by npm-cdn, wzrd.in, brcdn.org and jsdelivr.
$ git clone https://github.com/fosojs/cdn.git && cd ./cdn
$ npm install
$ node app
To access a file inside a published npm package, use the following pattern:
http://cdn.foso.me/raw/{packageName}@{packageVersion}/{filePath}
Examples:
When a package is downloaded, index files are generated in HTML and JSON format.
Any npm package can be loaded through the /bundle/{bundleRoute}
endpoint.
The bundleRoute
should end either with .js
or .css
and should contain a list
of one or more packageRoutes
. For example, /bundle/foo,bar,baz.js
will return a JavaScript file that is a
concatenation of the latest versions of foo
, bar
, baz
.
Sometimes it might be necessary to load a specific version of a package. In order to do so, it is
possible to specify the version of the package after a @
character. For example,
/bundle/foo@4.2.13,bar@3,baz.js
will return the 4.2.13
's version of foo
,
the latest version of the 3
rd major version of bar
and the latest version of
baz
.
By default, the main file of the package is loaded (the path to the main file is stored in the "main"
field for js and in the "style"
field for css, in the package.json
file). However, it is possible to
load any file of a package by specifying the path to it. E.g., to load the collection/pluck.js
file of the lodash package, this URL can be used: /bundle/lodash@3.10.1(collection/pluck).js.
It is also possible to load several files from a package: /bundle/lodash@3.10.1(array/fill+collection/pluck).js.
It is possible to minify the resources by adding .min
to the end of their path. For instance:
The MIT License (MIT)
FAQs
A webservice that dishes out files from npm packages.
The npm package foso-cdn receives a total of 121 weekly downloads. As such, foso-cdn popularity was classified as not popular.
We found that foso-cdn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.