hubot-slack
This is a Hubot adapter to use with Slack.
npm install -g hubot coffee-script
hubot --create [path_name]
cd [path_name]
npm install hubot-slack --save
./bin/hubot
This is a modified set of instructions based on the instructions on the Hubot wiki.
Make sure hubot-slack is in your package.json dependencies.
Edit your Procfile and change it to use the slack adapter:
web: bin/hubot --adapter slack
Install heroku toolbelt if you haven't already.
heroku create my-company-slackbot
heroku addons:add redistogo:nano
Activate the Hubot service on your "Team Services" page inside Slack.
Add the config variables. For example:
% heroku config:add HEROKU_URL=http://soothing-mists-4567.herokuapp.com
% heroku config:add HUBOT_SLACK_TOKEN=dqqQP9xlWXAq5ybyqKAU0axG
% heroku config:add HUBOT_SLACK_TEAM=myteam
% heroku config:add HUBOT_SLACK_BOTNAME=slack-hubot
Deploy and start the bot:
% git push heroku master
% heroku ps:scale web=1
Profit!
This adapter uses the following environment variables:
HUBOT_SLACK_TOKEN
This is the service token you are given when you add Hubot to your Team Services.
HUBOT_SLACK_TEAM
This is your team's Slack subdomain. For example, if your team is https://myteam.slack.com/, you would enter myteam here.
HUBOT_SLACK_BOTNAME
Optional. What your Hubot is called on Slack. If you entered slack-hubot here, you would address your bot like slack-hubot: help. Otherwise, defaults to slackbot.
HUBOT_SLACK_CHANNELMODE
Optional. If you entered blacklist, Hubot will not post in the rooms specified by HUBOT_SLACK_CHANNELS, or alternately only in those rooms if whitelist is specified instead. Defaults to blacklist.
HUBOT_SLACK_CHANNELS
Optional. A comma-separated list of channels to either be blacklisted or whitelisted, depending on the value of HUBOT_SLACK_CHANNELMODE.
HUBOT_SLACK_LINK_NAMES
Optional. By default, Slack will not linkify channel names (starting with a '#') and usernames (starting with an '@'). You can enable this behavior by setting HUBOT_SLACK_LINK_NAMES to 1. Otherwise, defaults to 0. See Slack API: Message Formatting Docs for more information.
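A preflight check for the variables listed above, as an added example (not part of hubot-slack or its README). The function names loadSlackConfig and mayPostIn are hypothetical, and the subdomain pattern and the stripping of a leading '#' are assumptions; it rejects a full URL in HUBOT_SLACK_TEAM and shows how the blacklist and whitelist modes decide where the bot may post.

```javascript
// Added example, not hubot-slack code: validate the adapter's environment.
function loadSlackConfig(env) {
  const errors = [];
  const token = env.HUBOT_SLACK_TOKEN || '';
  if (!token) errors.push('HUBOT_SLACK_TOKEN is required');
  // The README asks for the bare subdomain ("myteam"), not the full URL.
  // Assumption: a subdomain is letters, digits and hyphens only.
  const team = env.HUBOT_SLACK_TEAM || '';
  if (!/^[a-z0-9][a-z0-9-]*$/i.test(team)) {
    errors.push('HUBOT_SLACK_TEAM must be the subdomain only, e.g. "myteam"');
  }
  const mode = env.HUBOT_SLACK_CHANNELMODE || 'blacklist'; // documented default
  if (mode !== 'blacklist' && mode !== 'whitelist') {
    errors.push('HUBOT_SLACK_CHANNELMODE must be "blacklist" or "whitelist"');
  }
  const linkNames = env.HUBOT_SLACK_LINK_NAMES || '0'; // documented default
  if (linkNames !== '0' && linkNames !== '1') {
    errors.push('HUBOT_SLACK_LINK_NAMES must be 0 or 1');
  }
  // Assumption: names are compared without a leading '#' or stray spaces.
  const channels = (env.HUBOT_SLACK_CHANNELS || '')
    .split(',').map((c) => c.trim().replace(/^#/, '')).filter(Boolean);
  return {
    errors,
    botname: env.HUBOT_SLACK_BOTNAME || 'slackbot', // documented default
    mode, channels, linkNames,
    // Never log the token itself; expose only whether it is set.
    tokenSet: token.length > 0,
  };
}

// blacklist: post everywhere except the listed rooms.
// whitelist: post only in the listed rooms (an empty list means nowhere).
function mayPostIn(config, room) {
  const listed = config.channels.includes(room.replace(/^#/, ''));
  return config.mode === 'whitelist' ? listed : !listed;
}

// Constructed sample environment (all values made up for illustration).
const sample = loadSlackConfig({
  HUBOT_SLACK_TOKEN: 'example-token-not-real',
  HUBOT_SLACK_TEAM: 'https://myteam.slack.com/',
  HUBOT_SLACK_CHANNELMODE: 'whitelist',
  HUBOT_SLACK_CHANNELS: '#ops, general',
});
console.log(sample.errors, mayPostIn(sample, 'random'));
```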
The slack adapter adds a path to the robot's router that will accept POST requests to:
/hubot/slack-webhook
Source: https://github.com/tinyspeck/hubot-slack/blob/2.1.0/src/slack.coffee#L149-L165
Expected parameters:
If there is a message and it can deduce an author from those parameters, it'll create a new TextMessage object and have the robot receive it, from there proceeding down the regular hubot path.
When a script calls send() or reply(), this adapter makes a POST request to your team's specific URL webhook:
https://<your_team_name>.slack.com/services/hooks/hubot
with a JSON-formatted body including the following dictionary:
FAQs
A Slack adapter for hubot
The npm package hubot-slack receives a total of 28,369 weekly downloads. As such, hubot-slack popularity was classified as popular.
We found that hubot-slack demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.