Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
hof-build
Advanced tools
Performs build workflow for hof apps in prod and development
Run a build by running hof-build
from the command line in your project directory.
hof-build [task]
If no task is specified then all tasks will run.
It is recommended to alias hof-build
to an npm script in your package.json.
browserify
- compiles client-side js with browserifysass
- compiles sassimages
- copies images from ./assets/images directory to ./public/imagestranslate
- compiles translation filesYou can additionally run a watch
task to start a server instance, which will automatically restart based on changes to files. This will also re-perform the tasks above when relevant files change.
By default files inside node_modules
directories and dotfiles will not trigger a restart. If you want to include these files then you can set --watch-node-modules
and --watch-dotfiles
flags respectively.
You can load local environment variables from a file by passing an --env
flag to hof-build watch
and creating a .env
file in your project root that defines your local variables as follows:
MY_LOCAL_ENVVAR=foo
MY_OTHER_ENVVAR=bar
Note: export
is not required, and values should not be quoted.
To load variables from a file other than .env
you should pass the location of the file as a value on the --env
flag.
hof-build watch --env .envdev
The default settings will match those for an app generated using hof-generator
.
If a hof.settings.json
file is found in the application root, then the build
section of the settings file will be used to override the default configuration.
Alternatively you can define a path to a local config file by passing a --config
option
hof-build --config /path/to/my/config.js
Any task can be disabled by setting its configuration to false
(or any falsy value).
module.exports = {
browserify: false
};
Each task has a common configuration format with the following options:
src
- defines the input file or files for the build taskout
- defines the output location of the built code where relevantmatch
- defines the pattern for files to watch to trigger a rebuild of this taskrestart
- defines if this task should result in a server restartAdditionally the server instance created by watch
can be configured by setting server
config. Available options are:
cmd
- defines the command used to start the serverextensions
- defines the file extensions which will be watched to trigger a restartFAQs
Performs build workflow for hof apps in prod and development
The npm package hof-build receives a total of 1 weekly downloads. As such, hof-build popularity was classified as not popular.
We found that hof-build demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 18 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.