
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
jetpack-validation
Advanced tools
Validate a directory with a manifest for Firefox Addons using Jetpack and jpm
Validate a directory with a manifest for Firefox Add-ons using the Jetpack/Add-on SDK and jpm.
npm install jetpack-validate --save
The main export takes a path to a directory and returns an object containing properties that have error messages as values. Some should be showstoppers (invalid ID) and some should just be used as warnings (invalid semver version, only for use with npm).
var validate = require("jetpack-validation");
var errors = validate("/path/to/my/addon");
if (Object.keys(errors).length) {
Object.keys(errors).forEach(function (key) {
console.error("Found " + key + " error: " + errors[key]);
});
} else {
console.log("No errors found!");
}
id
field, adhering to Mozilla's Add-on manifest rules as either a GUID or a domain (in the case of jetpack addons converted from the cfx tool), or just a valid name
field, which works as identification in jpm
addons, and is compatable with npm
's naming scheme.main
entry in the manifest refers to a file that exists, or resolves to a file that exists (using node loading rules), or that there is an index.js
file in the root.title
property to be displayed when using the addon, and falls back to the more strict name
property.name
property is a valid name for use with npm
.version
property is in proper semver format, for use with npm
, as Mozilla's toolkit version format is much less strict.MIT License, Copyright (c) 2014 Jordan Santell
FAQs
Validate a directory with a manifest for Firefox Addons using Jetpack and jpm
The npm package jetpack-validation receives a total of 695 weekly downloads. As such, jetpack-validation popularity was classified as not popular.
We found that jetpack-validation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.