
Research
Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor
An impersonated golang.org/x/crypto clone exfiltrates passwords, executes a remote shell stager, and delivers a Rekoobe backdoor on Linux.
Hikki is Japanese for Scribe, or notes. This node module with take comments from your code and mirror them as markdown files in a different directory.
Hikki is Japanese for Scribe, or notes. This node module with take comments from your code and outputs them as markdown files in a different directory.
Generating documentation from code is great, you do not have to context switch between writing docs and writing code, it all lives in the same place. There are a bunch of tools that already do this, like docco and dox. Hikki takes a differnt approach to this in the fact that it want to output markdown files and put them in you repo or another directory that you specify. The reason for this is that sites like Github, Butbucket and Gitlabs are already in our workflow, so we leverage their capabilities and allow those sites to display our docs for us. This then removes the dependecy of running a server to display these docs.
Currently this is not on npm, but if you clone down this repo then run.
npm link
That will symlink the bin to you npm install and you will have the hikki command globally. Also you can add it to you package.json and then point towards this repo using this method.
hikki src/js/**/*.js
That is all that is required. You need to point it towards the files you want to create docs from ( it has glob support :) ). By default this will output Line Delimited Objects but if you specify an output using.
hikki src/js/*.js -o docs
It will then output Markdown files into that directory.
| flags | description |
|---|---|
| -o --output | directory relative to CWD to output markdown files |
| -e --exclude | patterns to exclude from processing eg. vendor |
| -v --verbose | will output to console when a markdown file is written |
| -b --base | base of source, to exclude path when creating markdown files |
| -f --files | a string or array of files to pull data from, glob support |
| -p --prefix | a string to prefix comment blocks to indicate its for docs |
when using globs your terminal will do this automatically and sometime the results are not expected eg.
**/*.jswill not get root level javascript files if you have this issue just add to a string eg."**/*.js"and our glob library will catch the root level files.
Right now the is a JS api but it is not super intuitive. Eg.
var hikki = require("hikki"),
Writable = require("stream").Writable,
ws = Writable();
ws.on("data", function(data) {
console.log(data); // String '{"filename": "...", "content": "..."}'
});
hikki({
files: "src/js/**/*.js",
output: ws,
});
A better API should be made for advanced usage.
FAQs
Hikki is Japanese for Scribe, or notes. This node module with take comments from your code and mirror them as markdown files in a different directory.
We found that hikki demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
An impersonated golang.org/x/crypto clone exfiltrates passwords, executes a remote shell stager, and delivers a Rekoobe backdoor on Linux.

Security News
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.

Security News
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.