Persisted boilerplates for all your projects.
Fed up of copying files everywhere between projects? Fed up of copying them again when you update something?
This project is a middle-ground between an initial project boilerplate (i.e. one-time generation of files like yeoman) and an entirely black-boxed environment (i.e. limited exposed scripts like create-react-app).
Create one source (a frame) and replicate that across all your desired projects. As you update your frame, your projects can be updated to reflect the changes as well!
A frame is simply an npm package with any files (seriously anything). These files act as the template for your project.
$ mkdir my-oss-frame
$ cd my-oss-frame
$ npm init
$ touch .eslintrc .gitignore webpack.config.js LICENSE.md README.md
$ npm publish
All files from your frame are copied over into your project. Woo, boilerplate!
We will also preprocess these files as mustache templates using your data.
$ cd my-project
$ frame my-oss-frame
Just modify any of your frame files (or add new ones!) and publish as a new package version.
$ cd my-oss-frame
$ touch .newconfig
$ npm version minor
$ npm publish
The newly updated files will be copied over.
If you updated any of your project files which were sourced from your frame we treat these as "ejected" files. We do this by keeping track of the file hashes in frame versions.
$ cd my-project
$ npm install my-oss-frame@newversion
$ frame
Note: You can and should commit the files which are persisted into your project.
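One way to implement the hash-based "ejected" check described above, as an added example that is not frame's own code. The manifest layout, the function names, the sample files and the choice to leave ejected files untouched are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hex SHA-256 of a file's contents.
const sha256 = (content) =>
  crypto.createHash('sha256').update(content).digest('hex');

// Hypothetical manifest: frame version -> { path: hash of the file as shipped }.
function buildManifest(frameVersions) {
  const manifest = {};
  for (const [version, files] of Object.entries(frameVersions)) {
    manifest[version] = {};
    for (const [path, content] of Object.entries(files)) {
      manifest[version][path] = sha256(content);
    }
  }
  return manifest;
}

// Decide, per file in the new frame version, whether it is safe to overwrite.
function planUpdate(manifest, newFiles, projectFiles) {
  const plan = {};
  for (const [path, content] of Object.entries(newFiles)) {
    const current = projectFiles[path];
    if (current === undefined) { plan[path] = 'create'; continue; }
    const currentHash = sha256(current);
    if (currentHash === sha256(content)) { plan[path] = 'unchanged'; continue; }
    // A hash that matches any earlier frame version means the file was never
    // edited locally; anything else is a local change and is left alone.
    const pristine = Object.values(manifest).some((v) => v[path] === currentHash);
    plan[path] = pristine ? 'overwrite' : 'ejected';
  }
  return plan;
}

// Constructed sample data (not taken from a real frame).
const manifest = buildManifest({
  '1.0.0': { '.eslintrc': '{"extends":"standard"}\n', '.gitignore': 'node_modules\n' },
});
const newFiles = {
  '.eslintrc': '{"extends":"standard","root":true}\n',
  '.gitignore': 'node_modules\ndist\n',
  '.newconfig': '',
};
const projectFiles = {
  '.eslintrc': '{"extends":"standard"}\n',   // untouched since 1.0.0
  '.gitignore': 'node_modules\n.env\n',      // edited in the project
};
const plan = planUpdate(manifest, newFiles, projectFiles);
console.log(plan);
```

Because the check compares content hashes rather than timestamps, a file that was edited and then reverted to a shipped version counts as pristine again.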
npm install -g frame
Any data found in your configuration will be available in your files, which are all treated as mustache templates. We also add pkg, which is your project's package.json data!
For example with the configuration file .framerc:
{
  "data": {
    "name": "My Project",
    "description": "This is a great project"
  }
}
And the frame file README.md:
# {{name}} ({{pkg.version}})
{{description}}
We would see the following file README.md copied to your project:
# My Project (0.0.1)
This is a great project
package.json
from source frame"extends"
)
FAQs
The npm package frame receives a total of 51 weekly downloads. As such, frame popularity was classified as not popular.
We found that frame demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.