Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
install-artifact-from-github
Advanced tools
Create binary artifacts hosted by github and install them without compiling.
This is a no-dependency micro helper for developers of binary addons for Node. It is literally two small one-file utilities integrated with GitHub releases. The project solves two problems:
In general, it can save your users from a long recompilation and, in some cases, even save them from installing build tools. By using GitHub facilities (Releases and Actions) the whole process of publishing and subsequent installations are secure, transparent, painless, inexpensive, or even free for public repositories.
Installation:
npm install --save install-artifact-from-github
In your package.json
(pseudo-code with comments):
{
// your custom package.json stuff
// ...
"scripts": {
// your scripts go here
// ...
// saves an artifact
"save-to-github": "save-to-github-cache --artifact build/Release/ABC.node",
// installs using pre-created artifacts
"install": "install-from-cache --artifact build/Release/ABC.node",
// used by "install" to test the artifact
"verify-build": "node scripts/verify-build.js"
// used by "install" to rebuild from sources
"rebuild": "node-gyp rebuild"
}
}
Examples of GitHub actions can be found in the documentation.
The full documentation is available in the wiki.
save-to-github
here from a separate project, reduced 3rd-party dependencies.yarn
-specific bug.FAQs
Create binary artifacts hosted by github and install them without compiling.
The npm package install-artifact-from-github receives a total of 321,604 weekly downloads. As such, install-artifact-from-github popularity was classified as popular.
We found that install-artifact-from-github demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.