Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
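Install Gaea-cli
npm install gaea-cli -g
Initialize a project (if the project name matches the directory name, the template code can be generated in the current directory)
gaea init projectName or g2 init projectName
Install dependencies
npm install
Build the third-party dependency bundle
npm run dll
Development
npm run dev
Build
npm run build
Upload
npm run upload
ESLint code checking and formatting
npm run lint
Debugging on a real device
npm run carefree
Skeleton screen HTML injection
npm run skeleton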
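Configure the address and path of the test server for uploads (for details, see): set the upload host, the username, the password and the upload destination target, for example:
new WebpackUploadPlugin({
  source: 'build',
  ignoreRegexp: /node_modules/,
  httpOption: {
    host: '测试服务器地址', // placeholder: test server address
    port: 3000,
    username: '',
    password: '',
    target: `/var/www/html/${config.ftpServer}/${config.ftpTarget}`
  }
})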
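The upload configuration above takes a username and password and builds the remote target path from config values. The following is an added example, not code from gaea-cli or its plugins: it builds the same httpOption object from environment variables and rejects path segments that would leave the upload root. The helper names (buildHttpOption, safeSegment, requireEnv) and the UPLOAD_* variable names are assumptions made for this example.

```javascript
// Added example: builds the httpOption object for the upload plugin without
// hard-coding credentials. The UPLOAD_* variable names are assumptions.
const UPLOAD_ROOT = '/var/www/html'; // upload root used in the README example

// Accept a path segment only if it is a plain name (no "/", no "..").
function safeSegment(name, value) {
  const plain = typeof value === 'string' &&
    /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(value) &&
    !value.includes('..');
  if (!plain) {
    throw new Error(`invalid ${name}: ${JSON.stringify(value)}`);
  }
  return value;
}

// Fail the build early instead of uploading with empty credentials.
function requireEnv(env, key) {
  const value = env[key];
  if (!value) throw new Error(`missing environment variable ${key}`);
  return value;
}

function buildHttpOption(config, env = process.env) {
  const port = Number(env.UPLOAD_PORT || 3000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`invalid UPLOAD_PORT: ${env.UPLOAD_PORT}`);
  }
  const server = safeSegment('config.ftpServer', config.ftpServer);
  const target = safeSegment('config.ftpTarget', config.ftpTarget);
  return {
    host: requireEnv(env, 'UPLOAD_HOST'),
    port,
    username: requireEnv(env, 'UPLOAD_USERNAME'),
    password: requireEnv(env, 'UPLOAD_PASSWORD'),
    target: `${UPLOAD_ROOT}/${server}/${target}`
  };
}

// Usage in the webpack config (plugin name as shown in the README):
// new WebpackUploadPlugin({ source: 'build', ignoreRegexp: /node_modules/,
//                           httpOption: buildHttpOption(config) })
```

With this in place the webpack config file contains no secrets and can be committed, while the credentials are supplied by the shell or CI environment that runs npm run upload.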
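Configure carefree real-device debugging (for details, see). For example, we package the development-stage code and upload it to the test domain page.jd.com so that it can be debugged on a real device by scanning a QR code:
new Carefree({
  justUseWifi: false,
  publicPath: '//page.jd.com/exploit/'+config.ftpTarget+'/'+config.version+'/',
  ftp: {
    host: '测试服务器地址', // placeholder: test server address
    port: 3000,
    source: 'build',
    target: '/var/www/html/page.jd.com/'+config.ftpTarget+'/'
  }
})
The third-party libraries currently bundled are vue, qs, axios and vue-router. To add or remove one, change the string "vue,qs,axios,vue-router" and run npm run dll again.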
https://static.360buyimg.com/exploit/mtelink/1.0.0/js/app.js
//static.360buyimg.com/exploit/mtelink
If both the HTML and the static assets are handed over to the backend, this value can simply be left empty. https://static.360buyimg.com/exploit/mtelink/lib/vendor.dll.js
| https://static.360buyimg.com/exploit/mtelink/lib/1.0.0/vendor.dll.js
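The file router.js configures the scaffold's routing; history routing is recommended. The scaffold supports both history routing and hash routing, and router.js defaults to history routing. History routes are real URL paths, so the backend has to configure redirects for you. For example, if the home page route is http://telink.jd.com/index, then the home route in your router is also /index, whereas a page such as the search page /search does not exist on the backend server. You therefore need the backend to redirect all the other single-page routes to the home page's vm.
For carefree, builds uploaded to the test server page.jd.com use hash routing by default, which makes testing easier.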
const router = new VueRouter({
mode:carefree?'hash':'history',
routes
});
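The scaffold provides a skeleton screen injection scheme for vue. Choosing the skeleton screen option in the command-line tool downloads the corresponding skeleton screen template.
src/skeleton uses server-side rendering based on vue-server-renderer to extract the CSS and HTML of the hand-written skeleton screen and inject them into the bundled HTML.
src/skeleton/skeleton.vue is the hand-written skeleton screen component; rendering only the first-screen skeleton of the entry page is recommended. Running npm run skeleton generates src/skeleton/index.html into the outer src/index.html. Once the injection is done, development continues as normal.
smock is an automated mock-data tool for the development stage, based on swagger. It needs the following parameters, set by editing this field in package.json (for details, see):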
"smock": {
"host": "",
"domain": "",
"projectName": ""
}
FAQs
gaea-cli
The npm package gaea-cli receives a total of 16 weekly downloads. As such, gaea-cli popularity was classified as not popular.
We found that gaea-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.