![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
gitbot
Advanced tools
Readme
Module containing convenience scripts against GitHub
GITBOT_GITHUB_TOKEN
: Access token against GitHub which needs to have read/write permissions on that repositoryInstall module globally:
npm install -g gitbot
Usage: gitbot [command]
Commands:
merge merge pull request and delete branch
help [cmd] display help for [cmd]
Options:
-h, --help output usage information
Merges pull request and deletes branch.
Usage
Usage: gitbot merge [options]
Options:
-h, --help output usage information
-O, --owner <owner> repository owner
-R, --repository-name <repository name> repository name
-B, --branch-name <branch name> branch name
Example
$ gitbot merge -O john-doe -R awesome-repo -B feature/awesome-stuff
This module uses the semantic-release automated package publishing. Which means that the commit messages are required to look in a certain way.
To ensure this pattern is enforced, we use pre-git which installs a commit-msg
hook.
Please read and understand what the types
mean and use them properly when committing and contributing.
The commit-msg
hook needs to know about your installed node
which means that if you use third party application when committing, like Tower, that application needs to know your PATH environment.
There are probably a lot of ways to solve this, but one that works is to open the application from the terminal: open /Applications/Tower.app
.
FAQs
Module containing convenience scripts against GitHub
The npm package gitbot receives a total of 2 weekly downloads. As such, gitbot popularity was classified as not popular.
We found that gitbot demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.