Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
homebridge-xiaomi-yeelight
Advanced tools
This is a template Homebridge platform plugin and can be used as a base to help you get started developing your own plugin.
This template should be used in conjunction with the developer documentation. A full list of all supported service types, and their characteristics is available on this site.
Click the link below to create a new GitHub Repository using this template, or click the Use This Template button above.
To develop Homebridge plugins you must have Node.js 12 or later installed, and a modern code editor such as VS Code. This plugin template uses TypeScript to make development easier and comes with pre-configured settings for VS Code and ESLint. If you are using VS Code install these extensions:
Using a terminal, navigate to the project folder and run this command to install the development dependencies:
npm install
Open the package.json
and change the following attributes:
name
- this should be prefixed with homebridge-
or @username/homebridge-
and contain no spaces or special characters apart from a dashesdisplayName
- this is the "nice" name displayed in the Homebridge UIrepository.url
- Link to your GitHub repobugs.url
- Link to your GitHub repo issues pageWhen you are ready to publish the plugin you should set private
to false, or remove the attribute entirely.
Open the src/settings.ts
file and change the default values:
PLATFORM_NAME
- Set this to be the name of your platform. This is the name of the platform that users will use to register the plugin in the Homebridge config.json
.PLUGIN_NAME
- Set this to be the same name you set in the package.json
file.Open the config.schema.json
file and change the following attribute:
pluginAlias
- set this to match the PLATFORM_NAME
you defined in the previous step.TypeScript needs to be compiled into JavaScript before it can run. The following command will compile the contents of your src
directory and put the resulting code into the dist
folder.
npm run build
Run this command so your global install of Homebridge can discover the plugin in your development environment:
npm link
You can now start Homebridge, use the -D
flag so you can see debug log messages in your plugin:
homebridge -D
If you want to have your code compile automatically as you make changes, and restart Homebridge automatically between changes you can run:
npm run watch
This will launch an instance of Homebridge in debug mode which will restart every time you make a change to the source code. It will load the config stored in the default location under ~/.homebridge
. You may need to stop other running instances of Homebridge while using this command to prevent conflicts. You can adjust the Homebridge startup command in the nodemon.json
file.
You can now start customising the plugin template to suit your requirements.
src/platform.ts
- this is where your device setup and discovery should go.src/platformAccessory.ts
- this is where your accessory control logic should go, you can rename or create multiple instances of this file for each accessory type you need to implement as part of your platform plugin. You can refer to the developer documentation to see what characteristics you need to implement for each service type.config.schema.json
- update the config schema to match the config you expect from the user. See the Plugin Config Schema Documentation.Given a version number MAJOR
.MINOR
.PATCH
, such as 1.4.3
, increment the:
You can use the npm version
command to help you with this:
# major update / breaking changes
npm version major
# minor update / new features
npm version update
# patch / bugfixes
npm version patch
When you are ready to publish your plugin to npm, make sure you have removed the private
attribute from the package.json
file then run:
npm publish
If you are publishing a scoped plugin, i.e. @username/homebridge-xxx
you will need to add --access=public
to command the first time you publish.
You can publish beta versions of your plugin for other users to test before you release it to everyone.
# create a new pre-release version (eg. 2.1.0-beta.1)
npm version prepatch --preid beta
# publsh to @beta
npm publish --tag=beta
Users can then install the beta version by appending @beta
to the install command, for example:
sudo npm install -g homebridge-example-plugin@beta
FAQs
Control Xiaomi branded Yeelight in HomeBridge
We found that homebridge-xiaomi-yeelight demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.