
Research
/Security News
Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader
3 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.
hexo-deployer-qiniu
Advanced tools
This is a hexo deployer plugin which help you to embed static file stored on qiniu
The point is you don't need upload files to qiniu manual
基于hexo-qiniu-sync修改,删减了大部分功能,仅保留文件上传的部分。
To install, run the following command in the root directory of hexo:
npm install hexo-deployer-qiniu --save
And add this plugin in your _config.yml.
##七牛云存储设置
##type 类型,这里填写qiniu
##bucket 空间名称
##access_key 上传密钥AccessKey
##secret_key 上传密钥SecretKey
##sync_dir 上传目录,默认上传: public/*,填写后上传: public/qiniu_dir(包含qiniu_dir目录本身)
deploy:
- type: git
repo: ***
branch: master
- type: qiniu
bucket: ***
access_key: ***
secret_key: ***
sync_dir: static
##prefix 静态文件访问的前缀,例如:http://7xo6lp.com1.z0.glb.clouddn.com/static/;用于标签解析解析
##extend 这是个特殊参数,用于生成缩略图或加水印等操作。具体请参考http://developer.qiniu.com/docs/v6/api/reference/fop/image/
qiniu:
prefix: http://7xo6lp.com1.z0.glb.clouddn.com/static/
extend: ?imageView2/2/w/800/h/2000
FAQs
Qiniu deployer plugin of Hexo.
The npm package hexo-deployer-qiniu receives a total of 12 weekly downloads. As such, hexo-deployer-qiniu popularity was classified as not popular.
We found that hexo-deployer-qiniu demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
3 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.