Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Merges one or more YAML files into a base file.
mermal
is available on NPM.
mermal
provides an API as well as a CLI.
# Locally
$ yarn add mermal # Using yarn
$ npm install mermal # Using npm
# Or globally
$ yarn global add mermal # Using yarn
$ npm install -g mermal # Using npm
All API methods returns with a promise.
import * as merge from 'mermal';
const base = `a:
b1: b1
b2: b2`;
const override = `a:
b1: b3
c:
d1: d1`;
merge.toYaml(base, override)
.then(console.log);
/**
* Log will read:
a:
b1: b3
b2: b2
c:
d1: d1
*/
toFile
toJson
toYaml
$ mermal -b base.yaml -s sub/ -o out.yaml
-b, --base <baseFile> Path to the base YAML file where other files will be merged into
-o, --out <outFile> Path to the YAML file that will be exported to. It will override any existing files
-s, --search <searchDir> A directory that will be searched for
-h, --help output usage information
See mermal --help
for more options.
merge-yaml
swagger-yaml
FAQs
Merges YAML files whilst following JSON references
The npm package mermal receives a total of 2 weekly downloads. As such, mermal popularity was classified as not popular.
We found that mermal demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.