
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
git-commander
Advanced tools
A git tool with an easy terminal interface.

$ npm install -g git-commander
$ git-commander
We have two key sets vi and mc preconfigured. The default one is vi.
You will need to place a file at ~/.config/git-commander/config.json with the following content:
{
"keySet": "mc"
}
You also can redefine keys one by one if you would like. You'll need to extend your ~/.config/git-commander/config.json file with a key called keys and put all your key definitions there. For example if you would like to use the mc key set and make key x quit the application, you'll need to add the following:
{
"keySet": "mc",
"keys": {
"common": {
"quit": [
"x"
]
}
}
}
You can find default settings here.
ANSI color codes are being displayed if you set "always" for color settings in your .gitconfig. For fixing this, set "auto" for color settings like below.
[color]
# diff = always
diff = auto
status = auto
ui = auto
branch = auto
If you use non-ascii character for source files, You need to disable the core.quotepath option using following command:
$ git config --global core.quotepath false
MIT
FAQs
A git tool with an easy terminal interface.
We found that git-commander demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.