The build tree structure used internally by mako
When working with mako build hooks, the first two arguments will be the current file and the build tree respectively. Currently, both of those APIs are contained in this module, as they are tightly coupled and don't make much sense on their own (at least at the current time).
Throughout the "analyze" phase, a tree is being built up, starting from the list of entry files. Each file being processed adds any direct dependencies, which will then recursively be processed to find more dependencies. Each vertex in the graph corresponds to some sort of input file.
During the "build" phase, the tree may be trimmed down, such as the case where the entire dependency chain for a JS file will be combined into a single output file. By the end of the build, each vertex in the graph corresponds to an output file.
As mako continues to be developed and evolve, some documentation and guides dedicated to plugin authors will surface. For now, the following is purely the API available to both the file and tree parameters in plugins/hooks.
The Tree constructor (documented below) is the primary export for the module. It must be used with the new keyword.
var Tree = require('mako-tree');
var tree = new Tree();
Each instance represents a build tree. Internally, a graph is used to manage the relationships between all the files being tracked.
NOTE: All paths are assumed to be absolute; this library makes no attempt to set a base/root directory and maintain relative paths.
Returns a Boolean reflecting if the file at the given location exists in this tree.
Adds a file at the given location to the tree, if it is not already present, and returns the corresponding File instance.
Returns the File instance for the file at the given location. It is assumed to already be part of the graph, and will throw an error if not found.
Removes the file at the given location from the tree. To successfully remove a file, it must not be depended on by another file. This is mostly a plumbing function, and plugin authors are likely going to use removeDependency() instead.
Returns an Array of all the entry files in this graph (in other words, files that are at the top of the dependency chains).
Returns a Boolean reflecting if the dependency relationship between parent and child already exists in the tree.
Adds a new dependency relationship to the graph, setting parent as depending on child. If child is not already part of the tree, it will be added. (However, if parent is not in the tree, that is assumed to be an error.) This will return the File instance for the child file.
Removes the specified dependency relationship, basically saying that parent no longer depends on child.
NOTE: If no other files depend on child, it will be removed from the tree. This allows plugins to only concern themselves with the relationships they are aware of, leaving the overall tree management to mako.
A helper for moving a dependency on child from one parent to another, which is more explicit than manually adding and removing the dependency links (which must be done in the right order due to the automatic cleanup behavior of removing dependencies).
An example use case: after inlining a tree of CSS files, the images/fonts/etc will need to be moved from being dependencies of the input files, to the single output file.
Returns an Array of files that are dependencies of the given file. By default, it will only return the direct descendants, but adding recursive will return a flat list of all the files down the entire dependency chain.
Returns an Array of files that depend on the given file. By default, it will only return the direct ancestors, but adding recursive will return a flat list of all the files up the entire dependency chain.
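The dependency semantics described above (on-demand child insertion, automatic cleanup of orphaned files on removal, the ordering hazard that the move helper exists to avoid, and recursive traversal in both directions), as an added example that is not mako-tree's own code. Method names here are hypothetical, chosen to mirror the prose rather than the package's real API, and the cascading cleanup of an orphaned file's own dependencies is an assumption of this example.

```javascript
// Added example, not mako-tree's own code: a minimal build tree with the semantics the README
// describes. Method names are hypothetical, chosen to mirror the prose, not the package's API.
class BuildTree {
  constructor() { this.deps = new Map(); }            // path -> Set of child paths
  hasFile(path) { return this.deps.has(path); }
  addFile(path) { if (!this.deps.has(path)) this.deps.set(path, new Set()); return path; }
  entries() { return [...this.deps.keys()].filter(p => this.dependants(p).length === 0); }
  hasDependency(parent, child) { return this.hasFile(parent) && this.deps.get(parent).has(child); }
  addDependency(parent, child) {
    if (!this.hasFile(parent)) throw new Error('parent not in tree: ' + parent); // error by design
    this.addFile(child);                                 // a missing child is added on demand
    this.deps.get(parent).add(child);
    return child;
  }
  removeDependency(parent, child) {
    this.deps.get(parent).delete(child);
    if (this.dependants(child).length) return;         // still needed elsewhere: keep it
    // Orphaned: detach its own dependencies first (the cascade is an assumption of this
    // example), then drop it, per the README's automatic cleanup rule.
    for (const grandchild of [...(this.deps.get(child) || [])]) this.removeDependency(child, grandchild);
    this.deps.delete(child);
  }
  // Link to the new parent before unlinking the old one; the reverse order would trigger
  // the cleanup above and delete child (and its subtree) in between.
  moveDependency(from, to, child) { this.addDependency(to, child); this.removeDependency(from, child); }
  dependencies(path, recursive = false) {              // direct children, or the whole chain down
    const out = [];
    const walk = p => { for (const c of this.deps.get(p) || []) if (!out.includes(c)) { out.push(c); if (recursive) walk(c); } };
    walk(path);
    return out;
  }
  dependants(path, recursive = false) {                // direct parents, or the whole chain up
    const out = [];
    const walk = p => { for (const [parent, kids] of this.deps) if (kids.has(p) && !out.includes(parent)) { out.push(parent); if (recursive) walk(parent); } };
    walk(path);
    return out;
  }
}
// Constructed scenario from the README: /base.css was inlined into /app.css, so the font it
// referenced must move to the output file and /base.css itself must drop out of the tree.
function cssInlineScenario() {
  const tree = new BuildTree();
  tree.addFile('/app.css');
  tree.addDependency('/app.css', '/base.css');
  tree.addDependency('/base.css', '/font.woff');
  tree.moveDependency('/base.css', '/app.css', '/font.woff');
  tree.removeDependency('/app.css', '/base.css');    // now orphaned, so it is cleaned up
  return tree;
}
```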
Each instance represents a file in the overall build.
The absolute path to where this file exists on disk.
The current file type associated with this file. This value is used to determine what plugins/hooks need to be invoked at various stages.
When initialized, it will simply reflect the extension of File#path. However, some plugins may need to modify this value if they end up changing how it should be interpreted. For example, a CoffeeScript plugin would switch from "coffee" to "js".
This holds the current contents of the file. When first read, this property should be set, and subsequent changes to the source code should apply to this property.
FAQs
The npm package mako-tree receives a total of 18 weekly downloads. As such, mako-tree popularity was classified as not popular.
We found that mako-tree demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.