Git log parser for Node.JS
    npm install gitlog --save

    import gitlog from "gitlog";

    const options = {
      repo: __dirname + "/test-repo-folder",
      number: 20,
      author: "Dom Harrington",
      fields: ["hash", "abbrevHash", "subject", "authorName", "authorDateRel"],
      execOptions: { maxBuffer: 1000 * 1024 },
    };

    const commits = await gitlog(options);
gitlog comes with full TypeScript support!
    import gitlog, { GitlogOptions } from "gitlog";

    // Option 1: Just use the function, returned commit type has specified fields
    gitlog({
      repo: "foo",
      fields: ["subject", "authorName", "authorDate"],
    });

    // Option 2: Use Options type to create options
    const typedOptions: GitlogOptions<"subject" | "authorName" | "authorDate"> = {
      repo: "foo",
      fields: ["subject", "authorName", "authorDate"],
    };
    gitlog(typedOptions);

    // Option 3: Typescript Magic
    const constOptions = {
      repo: "foo",
      fields: ["subject", "authorName", "authorDate"] as const,
    };
    gitlog(constOptions);

    // NOT SUPPORTED: Without "as const" gitlog can't create a good return type
    const untypedOptions = {
      repo: "foo",
      fields: ["subject", "authorName", "authorDate"],
    };
    gitlog(untypedOptions);
See git log
The location of the repo, required field.
The number of commits to return, defaults to 10.
Show commits more recent than a specific date.
Show commits older than a specific date.
Limit the commits output to ones with author/committer header lines that match the specified pattern.
The fields below are returned from the log:
This option is enabled by default.
Much more likely to set status codes to 'C' if files are exact copies of each other.
This option is disabled by default.
Pass the -m option to include files in a merge commit.
This option is disabled by default.
Pass the --follow option to follow files across renames.
This option is disabled by default.
Find commits on all branches instead of just on the current one.
This option is disabled by default.
Show only commits in the specified branch or revision range.
By default uses the current branch and defaults to HEAD (i.e. the whole history leading to the current commit).
Optional field for getting only the commits that affected a specific line range of a given file.
Optional file filter for the git log command.
Type: Object
Specify some options to be passed to the .exec() method:
cwd - String Current working directory of the child process
env - Object Environment key-value pairs
setsid - Boolean
encoding - String (Default: 'utf8')
timeout - Number (Default: 0)
maxBuffer - Number (Default: 200*1024)
killSignal - String (Default: 'SIGTERM')

An array of fields to return from the log, here are the possible options:
hash - the long hash of the commit e.g. 7dd0b07625203f69cd55d779d873f1adcffaa84a
abbrevHash - the abbreviated commit hash e.g. 7dd0b07
treeHash - the tree hash of the commit
abbrevTreeHash - the abbreviated commit hash
parentHashes - the parent hashes
abbrevParentHashes - the abbreviated parent hashes
authorName - author name of the commit
authorEmail - author email of the commit
authorDate - author date of the commit
authorDateRel - relative author date of the commit
committerName - committer name
committerEmail - committer email
committerDate - committer date
committerDateRel - relative committer date
subject - commit message (first line)
body - commit body
rawBody - raw body (subject + body)
tag - raw tag information of commit

Defaults to 'abbrevHash', 'hash', 'subject' and 'authorName'.
This module works by executing a child process (using child_process.exec()) to the git executable, then parsing the stdout into commits. This is done using the --pretty command line option which allows you to provide a custom formatter to git log. To enable easy parsing the format is delimited by a tab (\t) character.
The following is an example of what a parsed commit might look like.
    {
      "hash": "6a7ef5e3b3d9c77743140443c8f9e792b0715721",
      "abbrevHash": "6a7ef5e",
      "treeHash": "f1bf51b15b48a00c33727f364afef695029864c0",
      "abbrevTreeHash": "f1bf51b",
      "parentHashes": "cfe06dbdb8d0a193640977e016a04678f8f3b04f",
      "abbrevParentHashes": "cfe06dbdb8d0a193640977e016a04678f8f3b04f",
      "authorName": "Dom Harrington",
      "authorEmail": "dom@harringtonxxxxx",
      "authorDate": "2015-04-09 09:39:23 +0100",
      "authorDateRel": "6 days ago",
      "committerName": "Dom Harrington",
      "committerEmail": "dom@harringtonxxxxx",
      "committerDate": "Thu Apr 9 09:39:23 2015 +0100",
      "committerDateRel": "6 days ago",
      "subject": "1.0.0",
      "status": ["M"],
      "files": ["package.json"]
    }
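
The child-process mechanism described above, sketched as an added example (not gitlog's own code): child_process.exec() hands a command string to a shell, so this version builds the tab-delimited --pretty format as an argument array for execFile(), where no shell interprets option values, and it counts records whose columns are shifted by a tab inside a field. The placeholder map, the NUL record terminator, the branch pattern and all function names are assumptions of this sketch.

```javascript
// Added example, not gitlog's source. Placeholders are git pretty-format codes.
const PLACEHOLDERS = {
  hash: "%H", abbrevHash: "%h", subject: "%s", authorName: "%an", authorEmail: "%ae",
};

// Build an argv array: execFile() hands each element to git as-is, so quotes,
// semicolons or backticks in a value never reach a shell.
function buildArgs({ number = 10, author, branch, fields }) {
  for (const f of fields) {
    if (!Object.hasOwn(PLACEHOLDERS, f)) throw new Error(`unknown field: ${f}`);
  }
  if (!Number.isInteger(number) || number < 1) throw new Error("invalid number");
  // Assumed policy: a revision must not start with "-", or git reads it as an option.
  if (branch !== undefined && !/^\w[\w./-]*$/.test(branch)) {
    throw new Error("invalid branch");
  }
  // Fields separated by a tab (%x09); each record terminated by NUL (%x00).
  const format = fields.map((f) => PLACEHOLDERS[f]).join("%x09") + "%x00";
  const args = ["log", `-n${number}`, `--pretty=format:${format}`];
  if (author !== undefined) args.push(`--author=${author}`);
  if (branch !== undefined) args.push(branch);
  args.push("--"); // end of revisions and options
  return args;
}

// Parse stdout into commits; a tab inside a field shifts the columns, so such
// records are counted as malformed instead of being mis-assigned.
function parseLog(stdout, fields) {
  const records = stdout.split("\0");
  records.pop(); // text after the final NUL is not a record
  const commits = [];
  let malformed = 0;
  for (const raw of records) {
    const cols = raw.replace(/^\n/, "").split("\t");
    if (cols.length !== fields.length) { malformed += 1; continue; }
    commits.push(Object.fromEntries(fields.map((f, i) => [f, cols[i]])));
  }
  return { commits, malformed };
}

async function gitLog(repo, options) {
  const { execFile } = await import("node:child_process");
  const { promisify } = await import("node:util");
  const run = promisify(execFile);
  const { stdout } = await run("git", buildArgs(options), { cwd: repo, maxBuffer: 1000 * 1024 });
  return parseLog(stdout, options.fields);
}

// Constructed sample output: the second record has a tab inside its subject.
const SAMPLE = "6a7ef5e\t1.0.0\tDom Harrington\0\n0000000\tfix\tparser\tDom Harrington\0";
```

A non-zero malformed count means the tab delimiter collided with commit data; the affected commits need a delimiter that cannot occur in the chosen fields.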
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
We found that gitlog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.