Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
generator-reaction
This is a Yeoman generator plugin used by Reaction Commerce developers. The main generator creates a new project. There are also subgenerators for creating a new NPM package project and for quickly adding GraphQL files to the main Reaction project.
First, globally install Yeoman and generator-reaction using npm (we assume you have Node.js installed).
npm install -g yo generator-reaction
If you are adding or modifying generators in this package, you can test them prior to publishing by running npm link in the generator project's root directory to make the template available globally on your system.
npm link
mkdir project-name
cd project-name
yo reaction
mkdir package-name
cd package-name
yo reaction:npm
yo reaction:graphql
To ensure that all contributors follow the correct message convention, each time you commit, your message will be validated with the commitlint package, enabled by the husky Git hooks manager.
Examples of commit messages: https://github.com/semantic-release/semantic-release
The generator-reaction package is automatically published by CI when commits are merged or pushed to the master branch. This is done using semantic-release, which also determines version bumps based on conventional Git commit messages.
GPL-3.0 © Reaction Commerce, Inc.
FAQs
Project generator for Reaction NodeJS projects. Built with Yeoman.
The npm package generator-reaction receives a total of 1 weekly download. As such, generator-reaction's popularity was classified as not popular.
We found that generator-reaction demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.