MTA tool for exploring and validating the multitarget application descriptor (mta.yaml).
The tool can be used as a Go library or as a command-line tool, also available as an npm package.
A multitarget application is a package comprised of multiple application and resource modules that have been created using different technologies and deployed to different run-times; however, they have a common life cycle. A user can bundle the modules together using the mta.yaml file, describe them along with their inter-dependencies to other modules, services, and interfaces, and package them in an MTA project.
The tool commands (APIs) are used to do the following:
- mta.yaml file objects, such as retrieving a list of resources required by a specific module.
- mta.yaml file against a specified schema version.
- mta.yaml file, such as the uniqueness of module/resources names, the resolution of requires/provides pairs, and so on.
- path attribute reference in an existing project folder.

Set your workspace.
Download and install it:
$ go get github.com/SAP/cloud-mta/mta
Import it into your source code:
import "github.com/SAP/cloud-mta/mta"
Quick start example:
// Read the descriptor from the MTA project path.
mf, err := ioutil.ReadFile("/path/mta.yaml")
if err != nil {
	return err
}
// Unmarshal the MTA content; returns an MTA object.
m, err := mta.Unmarshal(mf)
if err != nil {
	return err
}
// Returns the module properties.
module, err := m.GetModuleByName(moduleName)
if err != nil {
	return err
}
Some of the tool's features are available as a command-line tool, which can be downloaded from the GitHub releases page or installed as an npm package.
The commands of the CLI tool are used as APIs by other programs, such as the mta-lib npm package, which exposes JavaScript APIs for reading and manipulating the mta.yaml file.
mta
The mta npm package installs the executable and allows you to run it from a shell or command line.
You can install it globally via the command:
npm install -g mta
mta-local
The mta-local npm package exposes the same CLI tool without installing it globally. It is packaged by other libraries, and it provides a way to lazily download the executable according to the current operating system and run it.
You can use it in the following way:
// You can use the "cross-spawn" library instead of "child_process" for compatibility with Windows systems
const { spawn } = require("child_process");
const mtaPath = require("mta-local").paths["mta"];
// args is an array of command-line arguments for the mta executable
const childProcess = spawn(mtaPath, args);
// Handle the process events ...
To use these npm libraries from an application packaged with webpack, you have to copy the bin/mta file to the webpack output directory (keeping the same file structure), make it executable and enable __dirname to be used.
Note: while the packaged bin/mta file is already executable, the CopyWebpackPlugin loses the executable bits during the copy. See this issue.
For example, if the results are in the dist folder, add this configuration inside your webpack configuration file:
const path = require("path");
const fs = require("fs");
const CopyWebpackPlugin = require("copy-webpack-plugin");
const config = {
  // ...
  node: {
    __dirname: false,
  },
  plugins: [
    new CopyWebpackPlugin({
      patterns: [
        {
          from: path.join(require.resolve("mta-local"), "..", "bin"),
          to: path.resolve(__dirname, "dist", "bin"),
        }
      ]
    }),
    function (compiler) {
      compiler.hooks.done.tap("ExecuteChmodOnBinMta", () => {
        fs.chmodSync(path.resolve(__dirname, "dist", "bin", "mta"), "755");
      });
    }
  ]
};
Note: if you did not previously use copy-webpack-plugin you will need to add it to the devDependencies in your package.json file.
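The spawn call and the executable-bit note above, combined into an added example (not part of the mta-local package or its README): a preflight check that reports a missing or non-executable binary, and a runner that passes arguments as an array with no shell. The names checkBinary and runMta are hypothetical helpers, and the 30-second default timeout is an assumption.

```javascript
const fs = require("fs");
const { spawnSync } = require("child_process");

// Classify the binary before spawning it: "ok", "missing" or "not-executable".
function checkBinary(binPath) {
  try {
    fs.accessSync(binPath, fs.constants.F_OK);
  } catch {
    return "missing";
  }
  try {
    fs.accessSync(binPath, fs.constants.X_OK);
  } catch {
    // Typical after a copy step that drops the executable bits.
    return "not-executable";
  }
  return "ok";
}

// Run the binary with an argument array. With shell: false, values that come
// from user input or from mta.yaml are never interpreted by a shell.
function runMta(binPath, args, opts = {}) {
  const state = checkBinary(binPath);
  if (state !== "ok") {
    throw new Error(`mta binary ${state}: ${binPath}`);
  }
  if (!Array.isArray(args) || !args.every((a) => typeof a === "string")) {
    throw new TypeError("args must be an array of strings");
  }
  const res = spawnSync(binPath, args, {
    shell: false,
    encoding: "utf8",
    timeout: opts.timeoutMs || 30000, // assumed default, adjust as needed
    windowsHide: true,
  });
  if (res.error) throw res.error; // spawn failure or timeout
  return { code: res.status, signal: res.signal, stdout: res.stdout, stderr: res.stderr };
}

// Usage with the package from this page (requires mta-local to be installed):
//   const mtaPath = require("mta-local").paths["mta"];
//   const { code, stdout, stderr } = runMta(mtaPath, [/* CLI arguments */]);
```

On Windows, X_OK behaves like an existence check, so the "not-executable" state is only meaningful on POSIX systems.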
More and more npm packages use ECMAScript modules instead of CommonJS, because ECMAScript modules are the official standard format for packaging JavaScript code for reuse. From v1.0.5, we use axios instead of binwrap (which has moderate severity vulnerabilities) to download binary files, but axios only supports ECMAScript modules and does not work on Node.js v10 or on the lower minor versions of Node.js v11, v12 and v13. axios works on the latest versions of Node.js v11.15, v12.22 and v13.14. So since v1.0.5, mta does not support Node.js v10 and lower versions, including the lower minor versions of Node.js v11, v12 and v13.
Contributions are greatly appreciated. See CONTRIBUTING.md for details.
Please follow our issue template on how to report an issue.
FAQs
The npm package mta-local receives a total of 93,486 weekly downloads. As such, mta-local's popularity was classified as popular.
We found that mta-local demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.