Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
⭐️ Star us on GitHub — it helps!
Create isomorphic progressive web/native app monorepos which you can deploy in the cloud with ease.
All you need to do is spin up a new project, sign up to a few providers, set the tokens and secrets correctly and the rest is all magic. When you push code to master, it will just be deployed everywhere in 10 minutes after a series of checks.
npm i -g ipwa
ipwa my-app
FIREBASE_APP_NAME
and FIREBASE_TOKEN
secretsHEROKU_APP_NAME
and HEROKU_API_KEY
secretsCODECOV_TOKEN
secretDOCKER_USER
and DOCKER_PASS
secrets, also set DOCKER_IMAGE_NAME
value in ./.github/workflows/build-master.yml
CYPRESS_PROJECT_ID
and CYPRESS_TOKEN
secretsPERCY_TOKEN
env variableNPM_TOKEN
npm i -g ipwa
ipwa my-app
Make sure npm dependencies are installed.
npm run dev
in one shell,
npm run nodemon
in another.
DOCKER_IMAGE_NAME
npm run build-docker
Make sure minikube and helm are installed.
Set HELM_APP_NAME
environment variable.
Run locally:
npm run build:helm
npm run build:helm:uninstall
npm run test
Set up the secrets given in the sections below.
CODECOV_TOKEN
Run locally:
npm run test:codecov
Run in CI: See workflow file.
CYPRESS_PROJECT_ID
CYPRESS_TOKEN
Run locally:
npm run test:cypress:run
Run in CI: See workflow file.
PERCY_TOKEN
Run locally:
npm run test:percy
Run in CI: See workflow file.
Run locally:
npm run test:puppeteer
Run in CI: See workflow file.
Sign up in Heroku and create a new app.
Set the following environment secrets.
HEROKU_APP_NAME
HEROKU_API_KEY
Set DOCKER_IMAGE_NAME
value in ./.github/workflows/build-master.yml
Run locally:
npm run release:heroku
Run in CI: See workflow file.
FIREBASE_TOKEN
Run locally:
npm run release:firebase
Run in CI: See workflow file.
Run locally: -
Run in CI: See workflow file.
Run locally: -
Run in CI: See workflow file.
NPM_TOKEN
Run locally: -
Run in CI: See workflow file.
Run locally:
expo:start
expo:android
expo:ios
expo:web
expo:eject
FAQs
🚀 Isomorphic progressive web native cloud app generator. Enough said!
The npm package ipwa receives a total of 7 weekly downloads. As such, ipwa popularity was classified as not popular.
We found that ipwa demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.