Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
layer2storage
Advanced tools
npm t
: Run test suitenpm start
: Run npm run build
in watch modenpm run test:watch
: Run test suite in interactive watch modenpm run test:prod
: Run linting and generate coveragenpm run build
: Generate bundles and typings, create docsnpm run lint
: Lints codenpm run commit
: Commit using conventional commit style (husky will tell you to use it if you haven't :wink:)On library development, one might want to set some peer dependencies, and thus remove those from the final bundle. You can see in Rollup docs how to do that.
Good news: the setup is here for you, you must only include the dependency name in external
property within rollup.config.js
. For example, if you want to exclude lodash
, just write there external: ['lodash']
.
Prerequisites: you need to create/login accounts and add your project to:
Prerequisite for Windows: Semantic-release uses node-gyp so you will need to install Microsoft's windows-build-tools using this command:
npm install --global --production windows-build-tools
There is already set a precommit
hook for formatting your code with Prettier :nail_care:
By default, there are two disabled git hooks. They're set up when you run the npm run semantic-release-prepare
script. They make sure:
git push
This makes more sense in combination with automatic releases
Array.prototype.from
, Promise
, Map
... is undefined?TypeScript or Babel only provides down-emits on syntactical features (class
, let
, async/await
...), but not on functional features (Array.prototype.find
, Set
, Promise
...), . For that, you need Polyfills, such as core-js
or babel-polyfill
(which extends core-js
).
For a library, core-js
plays very nicely, since you can import just the polyfills you need:
import "core-js/fn/array/find"
import "core-js/fn/string/includes"
import "core-js/fn/promise"
...
FAQs
### NPM scripts
We found that layer2storage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.