
Security News
Package Maintainers Call for Improvements to GitHub’s New npm Security Plan
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Runs commands when files are changed on git pull: for example, when package.json
is changed, npm install
will be ran, installing the dependency updates.
See the source for a full list—it's pretty readable. Please send a pull request if your technology or desired command is missing!
You can either run this script manually every time you pull, or you can set it up on the post-merge git hook so that it runs automatically.
As of 1.0.0, you can install this over npm.
$ npm install -g if_changed
Then to run the script:
$ if_changed
And to install itself into the post-merge hook:
$ if_changed install
To run every time, download if_changed.sh and run it.
To run automatically on the post-merge hook, move the if_changed.sh file to
.git/hooks/post-merge
in your repository (where post-merge is the name of
the file, not a containing directory), and make it executable using
chmod +x post-merge
.
See this document to learn more about git hooks.
Released under the MIT license.
FAQs
Runs installers on file changes
We found that if_changed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.