Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
js-gardener
Advanced tools
Minimizes project setup and maintenance complexity, so you can focus on writing code.
Enforces highest code quality and minimizes package setup and maintenance complexity - so you can focus on writing code. Highly recommended if you are getting started with a new package and extremely useful if you are maintaining multiple packages.
git init
, git remote add origin URL
, git checkout -b master
npm init
and fill in details$ npm install --save-dev js-gardener
Create gruntfile.js
in the root folder with the following contents
module.exports = (grunt) => {
grunt.initConfig({
pkg: grunt.file.readJSON('package.json'),
gardener: {
this: {
options: {}
}
}
});
grunt.loadNpmTasks('js-gardener');
};
Then run
$ grunt gardener
This will generate some files and alter your existing package.json file.
Create your files in the lib
folder and corresponding tests in the test
folder (Mocha and Chai work great), and ensure everything works fine by running npm test
. Finalize your README.md and package.json and commit and push to GitHub.
Now configure your Badges.
To run all tests locally
$ npm test
and in debug mode with
$ npm test -- --debug
Folders - Write your tests in the test
and your code in the lib
folder. Only test files of the format test_*.js
are picked up.
Branches - You release branch is master
. Develop against develop
or feature branches. When you are ready for a release, merge your changes into master
.
Badges represent external services that integrate with your repository. The Badges are auto generated, but the services need to be enabled manually. This section will instruct you on how to set up and utilize each service. When completed, verify each service by clicking the corresponding badge.
Before configuring external services, ensure npm test
runs locally without errors and all changes are pushed.
Note: If you username is different between github and a service, you will need to adjust the badge url.
Type: array
Default: []
Array of tasks to skip. Should not be necessary to use unless you really need to. Available tasks are:
gardener_copy
: Copy template files and create foldersgardener_package
: Alter package.jsongardener_configure
: Alter other configuration filesgardener_badges
: Insert Badgesgardener_structure
: Enforce that test file structure matches lib contentgardener_eslint
: Ensure code is according to best eslint practisesyamllint
: Ensure yaml files are passing lintgardener_depcheck
: Ensure dependencies are installed as specified in package.jsongardener_depused
: Ensure all installed dependencies are usedmocha_istanbul
: Run tests in test
folder and force 100% coverageType: string
Default: process.cwd()
Specify the directory to run the tests against. Useful if you have multiple packages that you manage centralized from a parent folder.
Define files which should be excluded from coverage. Always excluded files can be found here.
Define files which should be excluded for eslint. Always excluded files can be found here.
Define packages that should be excluded from usage check. Useful when a false negative is detected, e.g. for plugins where usage is defined in configuration. Always excluded packages can be found here.
Define test files that should not be checked for structure. Usually not necessary. Always excluded test files can be found here.
While this project utilizes itself for testing - how cool is that? - a cleaner example (without the grunt file) can be found here.
Example project using js-gardener and lambda-tdd can be found here.
All my npm packages also utilize Gardener.
When you contribute to any Gardener repositories, always run npm test
locally before opening a PR.
FAQs
Minimizes project setup and maintenance complexity, so you can focus on writing code.
The npm package js-gardener receives a total of 1,219 weekly downloads. As such, js-gardener popularity was classified as popular.
We found that js-gardener demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.