
Product
Secure Your AI-Generated Code with Socket MCP
Socket MCP brings real-time security checks to AI-generated code, helping developers catch risky dependencies before they enter the codebase.
A CLI for George, a static analysis tool for SE212 at the University of Waterloo.
Helpful links:
Make sure you have Node v18+ installed.
The easiest way try out the CLI is using npx
:
$ npx george-cli myfile.grg
The CLI can check multiple files at once:
$ npx george-cli *.grg
When used in combination with a clipboard tool like pbcopy
or xclip
, it becomes really easy to share the analysis of all your .grg
files with your classmates:
$ npx george-cli *.grg | pbcopy # Copy to clipboard on Mac
$ npx george-cli *.grg | xclip -selection clipboard # Copy to clipboard on Linux, I'd recommend creating an alias
You can also watch for file changes to get feedback from George as you edit the file:
$ npx george-cli --watch *.grg
For your SE212 assignments I recommend you save your work in a private git repository.
You can create an npm project and install the CLI locally and make npm run test
test all your .grg
files.
When editing files in an editor (e.g. VSCode), you make npm run watch
script and run that in your editor's terminal while you edit your files.
$ npm init -y
$ touch a.grg, b.grg, c.grg # example
$ npm install --save-dev george-cli
$ vim package.json # change the "test" script command to run george-cli
$ cat package.json
{
"name": "foo",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"test": "npx george *.grg",
"watch": "npx george --watch *.grg"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"devDependencies": {
"george-cli": "^0.0.1"
}
}
$ npm run watch
While not recommended for versioning reasons, you can install george-cli
globally:
$ npm install --global george-cli
$ george myfile.grg
FAQs
CLI for George (UW SE212)
The npm package george-cli receives a total of 3 weekly downloads. As such, george-cli popularity was classified as not popular.
We found that george-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket MCP brings real-time security checks to AI-generated code, helping developers catch risky dependencies before they enter the codebase.
Security News
As vulnerability data bottlenecks grow, the federal government is formally investigating NIST’s handling of the National Vulnerability Database.
Research
Security News
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.