
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
gulp-diff-build
Advanced tools
gulp module to stream files only if target files are changed.
$ npm install gulp-diff-build --save-dev
This task will keep a hash reference of target files and run defined tasks only if files changed.
File hashes will be saved in .gulp/gulp-diff-build/hash.json
. You might like to add .gulp
to your .gitignore
.
const diff = require('gulp-diff-build');
const SRC = 'src';
const DEST = 'dist';
gulp.task('default', () => {
gulp.src(SRC)
.pipe(diff())
.pipe(gulp.dest(DEST));
});
Type: bool
Default value: false
flush hash file when running with clear option value: true
Type: bool
Default value: false
flush all hash files when running with clearAll option value: true
Type: string
or array
Default value: undefined
option to filter streaming files. This task will stream only files that match given paths into the gulp stream. If it is undefined, all files will be passed.
Type: string
Defualt value: 'hash'
options to define filename of hash references for multi tasking or multi cache control. files of hash references will be saved as .gulp/gulp-diff-build/[givenName].json
.
example of building sass.
gulp task watch all of sass src files and stream only main.sass
and main-sp.sass
into sass()
task.
const diff = require('gulp-diff-build');
gulp.task('default', () => {
gulp.src('src/sass/**/*.sass')
.pipe(diff({
clean: true,
dest: [
'src/sass/main.sass',
'src/sass/main-sp.sass'
],
hash: 'sass'
}))
.pipe(sass()),
.pipe(gulp.dest('dest'));
});
The MIT License (MIT)
Copyright 2016~ moshisora
FAQs
run tasks only if src files are changed
The npm package gulp-diff-build receives a total of 1,269 weekly downloads. As such, gulp-diff-build popularity was classified as popular.
We found that gulp-diff-build demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.