Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
io.extendreality.malimbe
Advanced tools
A collection of tools to simplify writing public API components in Unity.
Malimbe
A collection of tools to simplify writing public API components for the Unity software.
Malimbe for the Unity software aims to reduce repetitive boilerplate code by taking the assemblies that are created by build tools and changing the assembly itself, new functionality can be introduced and logic written as part of the source code can be altered. This process is called Intermediate Language (IL) weaving and Malimbe uses Fody to do it.
Malimbe helps running Fody and Fody addins without MSBuild or Visual Studio and additionally offers running them inside the Unity software by integrating with the Unity software compilation and build pipeline. Multiple weavers come with Malimbe to help with boilerplate one has to write when creating Unity software components that are intended for public consumption. This includes a form of "serialized properties", getting rid of duplicated documentation through XML documentation and the [Tooltip]
attribute as well as weavers that help with ensuring the API is able to be called from UnityEvent
s and more.
Branch | Version | Explanation |
---|---|---|
release | Stable, production-ready | |
preview | Experimental, not production-ready |
Releases follow the Semantic Versioning (SemVer) system.
Navigate to the Packages
directory of your project.
Adjust the [project manifest file][Project-Manifest] manifest.json
in a text editor.
https://registry.npmjs.org/
is part of scopedRegistries
.
io.extendreality
is part of scopes
.io.extendreality.malimbe
to dependencies
, stating the latest version.A minimal example ends up looking like this. Please note that the version X.Y.Z
stated here is to be replaced with the latest released version.
{
"scopedRegistries": [
{
"name": "npmjs",
"url": "https://registry.npmjs.org/",
"scopes": [
"io.extendreality"
]
}
],
"dependencies": {
"io.extendreality.malimbe": "X.Y.Z",
...
}
}
Switch back to the Unity software and wait for it to finish importing the added package.
Anywhere in your Unity software project add a FodyWeavers.xml
file.
Configure the various weavers Malimbe offers, e.g.:
<?xml version="1.0" encoding="utf-8"?>
<Weavers>
<Malimbe.FodyRunner>
<LogLevel>Error, Warning</LogLevel>
<AssemblyNameRegex>^Zinnia</AssemblyNameRegex>
<AssemblyNameRegex>^Assembly-CSharp</AssemblyNameRegex>
</Malimbe.FodyRunner>
<Malimbe.BehaviourStateRequirementMethod/>
<Malimbe.MemberChangeMethod/>
<Malimbe.MemberClearanceMethod/>
<Malimbe.PropertySerializationAttribute/>
<Malimbe.XmlDocumentationAttribute IdentifierReplacementFormat="`{0}`"/>
</Weavers>
As with any Fody weaver configuration the order of weavers is important in case a weaver should be applying to the previous weaver's changes.
In case there are multiple configuration files all of them will be used. In that scenario, if multiple configuration files specify settings for the same weaver, a weaver will be configured using the values in the last configuration file found. A warning is logged to notify of this behavior and to allow fixing potential issues that may arise by ensuring only a single configuration exists for any used weaver.
Additional weavers are supported. To allow Malimbe's Unity software integration to find the weavers' assemblies they have to be included anywhere in the Unity software project or in one of the UPM packages the project uses.
Check out the Documentation a further in-depth look at the features of Malimbe.
If you want to raise a bug report or feature request please follow SUPPORT.md.
While we intend to add more features to Malimbe when we identify a need or use case, we're always open to take contributions! Please follow the contribution guidelines found in CONTRIBUTING.md.
Inspired by Fody's naming the name "Malimbe" comes from the small birds that belong to the weaver family Ploceidae.
Malimbe is released under the MIT License.
Third-party notices can be found in THIRD_PARTY_NOTICES.md
These materials are not sponsored by or affiliated with Unity Technologies or its affiliates. "Unity" and "Unity Package Manager" are trademarks or registered trademarks of Unity Technologies or its affiliates in the U.S. and elsewhere.
FAQs
A collection of tools to simplify writing public API components in Unity.
The npm package io.extendreality.malimbe receives a total of 38 weekly downloads. As such, io.extendreality.malimbe popularity was classified as not popular.
We found that io.extendreality.malimbe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.