
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
lighting-plugin-native
Advanced tools
> lighting-plugin-native 用于采用配置化的方式开发 APP 程序,读取工程根目录下的 /native/config.js 中的配置,生成 LightApp 的资源包。
lighting-plugin-native 用于采用配置化的方式开发 APP 程序,读取工程根目录下的 /native/config.js 中的配置,生成 LightApp 的资源包。
在工程根目录下的 project.json 中的 plugins 字段中注册 native 插件:
{
"project":"lightdemo",
"version":"0.0.1",
"desc":"lightdemo",
"type":"vue",
"plugins":["native"]
}
在 /native/config.js 中配置(点击查看更多配置):
module.exports = {
menuBar:{
backgroundColor:"#ffffff",//背景色
defaultColor:"#ffffff",//默认菜单颜色
selectedColor:"#0078ff",//菜单选中颜色
//使用字体图标自动生成图片,省去了开发者自己制作多张图的问题
iconFontFrom:"/native/iconfont.ttf",
menus:[{
text:'首页',//菜单的文本
icon:'0xe605',//菜单图标在字体中的码点可以查看对应的css文件了解具体的码点,具体格式为0xabcd
view:"home",//当前菜单对应的视图名称,视图必须在views属性中定义
}],
views:{
"home":{
url:"app.native.js#/home",
navBar:{
type:"0"
}
}
}
}
};
使用指令 light create -t app 创建做包工程。
编辑 native 目录下的资源文件,如 native/config.js 定义整包配置项目。
使用 light release -p 指令做打包操作,将生成的 zip 包上传到平台对应应用的条目内。
使用平台的在线构建编译能力输出可安装的安装包。
了解更多 lighting-plugin-native 插件的信息,请点击这里。
FAQs
> lighting-plugin-native 用于采用配置化的方式开发 APP 程序,读取工程根目录下的 /native/config.js 中的配置,生成 LightApp 的资源包。
The npm package lighting-plugin-native receives a total of 142 weekly downloads. As such, lighting-plugin-native popularity was classified as not popular.
We found that lighting-plugin-native demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.