Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
git-precheck
Advanced tools
Readme
$ npm install -g git-precheck
You can use this from within any git directory to run basic pre-checks before making a commit:
$ git precheck
Installing node dependencies
Extracting build steps from travis
> shelljs@0.5.3 test /home/...
> node scripts/run-tests
# output of your commands...
Summary of build steps:
√ $ npm test
√ $ node scripts/generate-docs.js
√ $ git diff --quiet # make sure no files have changed
What commands does it choose to run? Well, it aims to run whatever Travis CI would attempt to run. How does it decide? Read below...
But wait, there's more! If you're a fugitive user, then you get vim-integration for free. You can run prechecks from within vim using:
:Git precheck " or if you were smart and made the short alias...
If you're not a fugitive user (but really, why not?) then you can use it like this:
:!git precheck
Yup! It works with Travis as well. If you have a .travis.yml
file in your
repo, it will attempt to read the script
steps from the file and execute those
sequentially, just like Travis would. Now you can know if your PR will pass
before you push it :+1:
Windows compatibility isn't my biggest priority, but it should still be there. If it isn't, drop me a line and let me know.
FAQs
Run pre-commit checks before making commits to projects
The npm package git-precheck receives a total of 1 weekly downloads. As such, git-precheck popularity was classified as not popular.
We found that git-precheck demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.