Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
generator-videojs-plugin
Advanced tools
This is an opinionated Yeoman generator for Video.js plugins. It is based on the recommendations of the Video.js core team as well as tools and conventions for developing plugins at Brightcove.
Lead Maintainer: Pat O'Neill @misteroneill
Maintenance Status: Stable
To learn more about Video.js plugins and this generator's conventions and opinions, check out:
If you don't know what Yeoman is or what generators are, check out the Yeoman Getting Started document. Long story short, make sure you have Yeoman and this generator installed globally:
$ npm install -g yo generator-videojs-plugin
Then, creating the foundation for your Video.js plugin is as simple as:
$ yo videojs-plugin
You will be walked through several options and finish with a working, buildable, testable Video.js plugin. Of course, this plugin won't do anything out of the box - that part is left to your creativity!
By default, the generator will run npm install
after it is finished. This can be a slow process and you may not always need it; so, it can be disabled (this option is provided by Yeoman itself, but it's useful and worth documenting here).
yo videojs-plugin --skip-install
By default, the generator will present the user with a series of prompts to choose various settings. This can be disabled if you've previously selected values and don't want to change them.
yo videojs-plugin --skip-prompt
If you don't want to change configuration, but just want to update an existing plugin and skip all the other stuff (e.g., prompts, installation), you can use this option to do that. You may need to run the installation manually if dependencies changed!
yo videojs-plugin --hurry
Running a Yeoman generator in an empty directory poses no difficulties; however, running it against an existing project can cause conflicts. Yeoman provides a mechanism, which can be confusing because it's not clearly documented, for resolving these conflicts. It will prompt you to choose one of:
Y
: yes (default)n
: noa
: yes to allx
: exitd
: diffh
: helpMost of what this generator does is localized to the package.json
file. Luckily, the generator does a good job of merging your existing contents with the generated contents. In general, it's safe to select Y
for the package.json
in your project.
Other files you'll usually want to select n
on - particularly those files plugin authors will edit the most: anything in src/
or test/
.
However, files that are not commonly edited by plugin authors may deserve a diff check (d
) if you've made changes to these sorts of files. For example, anything in scripts/
.
NOTE: This section comes with the caveat that you know your project better than we do; so, do what you think is best.
Migrating across major versions can be a bit of a pain sometimes, but we're working on making it better with the generator. Here are some notes on migrating to the current major version.
You may - depending on your customizations - want to prepare your project by doing one of two things.
If you have made no customizations, the simplest process may be to remove some or all of the following:
dependencies
, devDependencies
, and/or scripts
from package.json
package-lock.json
scripts/*.js
test/karma.conf.js
test/index.html
For a more conservative approach, you should be able to remove any dependencies not listed in plugin/package.json
unless it is specifically needed by your project.
videojs-generate-rollup-config
babel-core
babel-plugin-external-helpers
babel-plugin-transform-object-assign
babel-preset-env
@babel/preset-env
@babel/plugin-transform-object-assign
@babel/core
@babel/plugin-external-helpers
rollup-plugin-babel
rollup-plugin-commonjs
rollup-plugin-json
rollup-plugin-multi-entry
rollup-plugin-node-resolve
rollup-plugin-uglify
rollup-plugin-terser
uglify-es
videojs-generate-karma-config
karma-browserstack-launcher
karma-chrome-launcher
karma-coverage
karma-detect-browsers
karma-firefox-launcher
karma-ie-launcher
karma-qunit
karma-safari-launcher
karma-safaritechpreview-launcher
karma-safari-applescript-launcher
karma-teamcity-reporter
karma-static-server
qunit
videojs-generate-postcss-config
autoprefixer
postcss-banner
postcss-calc
postcss-csso
postcss-custom-properties
postcss-import
postcss-nesting
postcss-progress
videojs-generator-verify
es-check
pkg-ok
pkg-can-install
@videojs/generator-helpers
conventional-changelog-cli
conventional-changelog-videojs
doctoc
husky
lint-staged
not-prerelease
npm-merge-driver-install
npm-run-all
shx
No longer needed for other reasons
serve-static
: replaced by karma-static-server
in-publish
: replaced by using prepublishOnly
via a new version of npmmkdirp
: replaced by using shx
rimraf
: replaced by using shx
semver
: replaced by @videojs/generator-helpers
FAQs
A Yeoman generator for Video.js plugins
The npm package generator-videojs-plugin receives a total of 19 weekly downloads. As such, generator-videojs-plugin popularity was classified as not popular.
We found that generator-videojs-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 19 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.