Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
metalsmith-loader
Advanced tools
Loads Metalsmith as well as metalsmith plugins using globbing patterns similar to `load-grunt-task`
Loads Metalsmith as well as multiple metalsmith plugins using globbing patterns
This plugin takes reference from / works similarly to load-grunt-task
, allowing you to read the dependencies
/devDependencies
/peerDependencies
in your package.json and load metalsmith plugins that matches the provided patterns.
Usually you would have to load each plugin one by one, which is unnecessarily cumbersome.
That aside, it also gives an option to load metalsmith library itself.
var Metalsmith = require('metalsmith');
var drafts = require('metalsmith-drafts');
var permalinks = require('metalsmith-permalinks');
var collections = require('metalsmith-collections');
require('metalsmith-loader')();
Install with npm: npm install --save-dev metalsmith-loader
Simplest use case:
var config = require('metalsmith-loader')();
Metalsmith(__dirname).use(config.collections());
or if you want it global:
require('metalsmith-loader')({global: true);
Metalsmith(__dirname).use(collections());
To specify additional options:
require('metalsmith-loader')({
core: true,
pattern: 'metalsmith-*',
config: '../package.json',
scope: 'devDependencies',
global: true
});
core
(optional)Type: boolean
Default: false
Determines if metalsmith should be loaded.
pattern
(optional)Type: String|Object
Default: metalsmith-*
By default metalsmith-*
will be used as the globbing pattern.
config
(optional)Type: String|Object
Default: Path to nearest package.json
scope
(optional)Type: String|Array
Default: ['dependencies', 'devDependencies', 'peerDependencies']
global
(optional)Type: boolean
Default: false
Determines if plugin should require modules into the global variable environment or put the modules into a return object / dictionary.
FAQs
Loads Metalsmith as well as metalsmith plugins using globbing patterns similar to `load-grunt-task`
We found that metalsmith-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.