
Security News
npm Adopts OIDC for Trusted Publishing in CI/CD Workflows
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
hylo-shared
Advanced tools
The purpose of this library is the sharing of critical code between the Hylo Web and Mobile front-ends and the backend. A primary focus at this time is text handling to ensure consistency of storage and presentation across the apps.
src/
and build using yarn build
(or yarn start
to continuously build)yarn test
to run testsyarn link
in the root of this project, then in the root of the target project (e.g. hylo-evo
or HyloReactNative
) run yarn link hylo-shared
. Your changes should now be available within that project wherever you've imported this library.yarn test
yarn build
git push
npm version <patch|minor|major>
. ⚠️ patch versions should never have breaking changes from previous versiongit push --tags
to push the version tags to the originnpm publish
to publish this new version to the NPM registry. This should be published under the hylodevs
NPM account (see password manager for needed credentials)[5.2.5]
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
Research
/Security News
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.