
Take your task runner further
If you have a tasks.json file, running isom or npx isom will run the task you pass in or the start task.
For every task you define, you can also have a pre, a post, and a cleanup associated with it.
pre runs before the main command.
command runs if the pre command is successful.
post runs if the command was successful.
clean runs regardless of the success or failure of the other tasks.
The tasks.json file
{
"prebuild": ["npx eslint ./src", "npx jest", "rm -rf dist"],
"build": "npx webpack --config ./src/webpack/prod.config.js --mode production",
"postbuild": ["npm publish", "npx publisher", "node ./src/tasks/announce.js"],
"cleanupbuild": "rm -rf dist"
}
Then from the command line you can either run npx isom build or, if installed globally, isom build.
You can use it within your scripts, so in your package.json:
{
"scripts": {
"build": "isom build"
}
}
In addition to single items, a task can be an array of items. If the array is a pre task, its items execute in series; if the array is the main task, its items run in parallel.
{
"predev": [
"docker-compose -f ./docker/docker-compose.yml up --detach",
"node ./src/scripts/delay.js",
"npx knex migrate:latest",
"npx knex seed:run"
],
"dev": [
"nodemon ./src/server/index.js",
"webpack-dev-server --config ./src/webpack/dev.config.js --mode development"
]
}
Then from the command line:
isom dev
The predev tasks run in order, then the dev task executes both of its commands at the same time.
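The lifecycle described above (pre in series, a main array in parallel, post only on success, cleanup always) modelled as an added example; this is not isom's own code, and it executes nothing. The hook key names follow the prebuild/postbuild/cleanupbuild sample, and treating a post array as a stop-on-first-failure series is an assumption the README does not state.

```javascript
// Added example: a model of the lifecycle the README describes, not isom's source.
// BUILD_TASKS is the build sample from the README above.
const BUILD_TASKS = {
  prebuild: ["npx eslint ./src", "npx jest", "rm -rf dist"],
  build: "npx webpack --config ./src/webpack/prod.config.js --mode production",
  postbuild: ["npm publish", "npx publisher", "node ./src/tasks/announce.js"],
  cleanupbuild: "rm -rf dist",
};

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve every command a task name implies, hooks included, so a reviewer
// can see that "isom build" also means "npm publish".
function planFor(tasks, name = "start") {
  if (!has(tasks, name)) throw new Error(`no such task: ${name}`);
  const main = tasks[name];
  return [
    { phase: "pre", mode: "series", commands: asList(tasks[`pre${name}`]) },
    { phase: "command", mode: Array.isArray(main) ? "parallel" : "single", commands: asList(main) },
    // Assumption: the README does not say how a post array is ordered.
    { phase: "post", mode: "series", commands: asList(tasks[`post${name}`]) },
    { phase: "cleanup", mode: "always", commands: asList(tasks[`cleanup${name}`]) },
  ];
}

// Walk the plan with an injected runner (command -> true on success) and
// return the commands that would start, in order.
function simulate(tasks, name, succeeds = () => true) {
  const [pre, main, post, cleanup] = planFor(tasks, name);
  const started = [];
  const attempt = (c) => { started.push(c); return succeeds(c); };
  const series = (cmds) => cmds.every(attempt);            // stops at first failure
  const all = (cmds) => cmds.map(attempt).every(Boolean);  // starts every command
  const ok = series(pre.commands) && all(main.commands) && series(post.commands);
  all(cleanup.commands); // cleanup runs whatever happened above
  return { ok, started };
}

// A failing test run stops the chain before "npm publish" is reached;
// only the cleanup command still starts.
const failedRun = simulate(BUILD_TASKS, "build", (c) => c !== "npx jest");
console.log(failedRun.ok, failedRun.started);
```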
FAQs
Command line task runner
The npm package isom receives a total of 5,066 weekly downloads. As such, isom's popularity was classified as popular.
We found that isom demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.