github-hook-simplify
GitHub is great in that it supports hooks that provide information about a *lot* of things. These events are very detailed, and de-normalised.
This is really useful if you need to process them immediately, but it becomes less interesting if you need to store them. Not only is it a fair bit more data to store, but the de-normalised parts are likely to have become wrong in the meantime.
This library simplifies and trims down the payload of GitHub hook data, for instance replacing the user details with just the user name, or a full issue description with just the issue number.
The usual:
npm install --save github-hook-simplify
It's pretty simple:
var ghs = require("github-hook-simplify");
ghs("event-name", eventPayload);
The first parameter is the event type (the same string provided in the GitHub API), and the second is the payload.
The payload is modified in place, so be careful if you want to keep the original around; you will need to clone it. It is also returned so that one can chain.
The module will also detect if it's dealing with an already-simplified payload and handle that gracefully. You therefore don't need to be careful about how many times you apply simplification. (This is notably useful if the module gets an update in the future such that it supports more simplifications. You will be able to re-simplify what you already have without breaking it.)
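The in-place, chainable and re-runnable behaviour described above, sketched as an added example with a stand-in function. This is not the module's own code: `simplifySketch`, its rule table and the sample payload are constructed for illustration, and which fields the real module trims is an assumption.

```javascript
// Stand-in for the simplifier described above (NOT github-hook-simplify's source).
// Assumed rule table: event name -> { field: property that replaces the object }.
const RULES = {
  issues: { issue: "number", sender: "login", repository: "full_name" },
  issue_comment: { issue: "number", sender: "login", repository: "full_name" },
};

function simplifySketch(eventName, payload) {
  const rules = RULES[eventName] || {};
  for (const [field, keep] of Object.entries(rules)) {
    const value = payload[field];
    // Only objects are trimmed. A string or number means an earlier pass
    // already simplified this field, so a second run leaves it alone.
    if (value !== null && typeof value === "object") {
      payload[field] = value[keep];
    }
  }
  return payload; // same object that was passed in, so calls can be chained
}

function demo() {
  // Constructed sample resembling an "issues" hook payload.
  const original = {
    action: "opened",
    issue: { number: 42, title: "Example", body: "long text", user: { login: "octocat", id: 1 } },
    repository: { full_name: "example-org/example-repo", private: false },
    sender: { login: "octocat", id: 1, site_admin: false },
  };
  // Clone first when the full payload is still needed (for audit or replay):
  // the simplifier mutates its argument.
  const stored = simplifySketch("issues", JSON.parse(JSON.stringify(original)));
  // Re-simplifying stored data is a no-op.
  const again = simplifySketch("issues", stored);
  return { original, stored, again };
}

console.log(JSON.stringify(demo().stored));
```

Trimming before storage also reduces how much user profile data ends up at rest in the event store.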
FAQs
We found that github-hook-simplify demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.