Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
git-commit-push-via-github-api
Advanced tools
git-commit-push-via-github-api
Git commit and push by using GitHub API. No depended Git binary.
git-commit-push-via-github-api
Git commit and push by using GitHub API.
No depended on Git binary.
Install
Install with npm:
npm install git-commit-push-via-github-api
Usage
const fs = require("fs");
const { gitCommitPush } = require("git-commit-push-via-github-api");
process.on("unhandledRejection", console.dir);
if (!process.env.GITHUB_API_TOKEN) {
throw new Error("GITHUB_API_TOKEN=xxx node example.js");
}
gitCommitPush({
// commit to https://github.com/azu/commit-to-github-test
owner: "azu",
repo: "commit-to-github-test",
// commit files
files: [
{ path: "README.md", content: fs.readFileSync(__dirname + "/README.md", "utf-8") },
{ path: "dir/input.txt", content: fs.readFileSync(__dirname + "/dir/input.txt", "utf-8") },
// Pass binary as Buffer
{ path: "next-item.mp3", content: fs.readFileSync(__dirname + "/next-item.mp3") },
{ path: "image.png", content: fs.readFileSync(__dirname + "/image.png") }
],
fullyQualifiedRef: "heads/master",
forceUpdate: false, // optional default = false
commitMessage: "HELLO"
})
.then(res => {
console.log("success", res);
})
.catch(err => {
console.error(err);
});
Related
- Ramshackle-Jamathon/commit-to-github: make commits to github without git, perfect for AWS lambda
- wuzhizhe/uploadFileToGithub
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test:
GITHUB_API_TOKEN=xxx npm run test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D
Author
License
MIT © azu
FAQs
Git commit and push by using GitHub API. No depended Git binary.
The npm package git-commit-push-via-github-api receives a total of 70 weekly downloads. As such, git-commit-push-via-github-api popularity was classified as not popular.
We found that git-commit-push-via-github-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 11 Feb 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025