Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
henge-ruff-jenkins
Advanced tools
This plugin provides common variables and extensions for Henge on Ruff Jenkins.
Name | Description |
---|---|
branch | Current Git branch, defaults to environment variable GIT_BRANCH . For complete resolving logic, please check out the source code. |
jenkinsUrl | Defaults to environment variable JENKINS_URL , fallbacks to 'http://jenkins.nanchao.org:8080/' . |
configUrl | Base url or path under which the configuration files are stored. For example "{configUrl}/embedded-platforms.json" . |
If you want to use local configuration files, you may add, for example, a
embedded-platforms.json
file under your project directory, and distribute
with --local
:
henge dist --local
Then the configUrl
variable will have the value "."
.
If you want to provide reusable configurations, you can add them into a
directory and set environment variable HENGE_RUFF_CONFIG_DIR
(which will
update the configUrl
variable).
This plugin adds the ability to resolve Jenkins dependencies to proper artifact URLs.
Some extra options are provided:
"master"
,
"release"
and "develop"
).GitHub resolving is also provided with following options:
<username>/<project>
."master"
.This plugin also provides default artifact ID for artifacts, the ID could look like:
"{name}-{version}"
(master or local)"{name}-{version}-{platform}"
(master or local, multiplatform)"{name}-{version}-SNAPSHOPT-{build}"
(other braches on Jenkins)"{name}-{version}-{platform}-SNAPSHOPT-{build}"
(other braches on Jenkins,
multiplatform)To build this plugin:
npm install # Install dependencies
npm install henge # Do not need to save
npm run build # Compile TypeScript
Or you can use watch mode for compilation during development:
npm run build -- -w
FAQs
Ruff Jenkins Plugin for Henge
The npm package henge-ruff-jenkins receives a total of 1 weekly downloads. As such, henge-ruff-jenkins popularity was classified as not popular.
We found that henge-ruff-jenkins demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.