
Research
/Security News
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
NCMP is a simple tool that lets you perform postprocessing after npm installs or updates. It is mainly designed for use in client infrastructures, that is, when you use npm as your main client package manager.
npm install ncmp
One of the goals of this project is to provide a tool that is as modular as possible for npm postprocessing in web client infrastructures. Developers should have full control over all steps at any time.
The following snippet shows an example ncmp.json configuration file:
{
  "packages": {
    "jquery": ["dist/jquery.js", "dist/jquery.min.js"],
    "aurelia-framework": "dist/amd/aurelia-framework.js",
    "aurelia-templating": "dist/amd/aurelia-templating.js"
  },
  "ignore": [
    "bootstrap"
  ],
  "plugins": []
}
"packages": Contains all "registered" packages for further postprocessing. It is a mapping of package names to the files to process.
"ignore": All package names listed here are ignored in further steps.
"plugins": Lists a set of plugins (in their execution order) which can do more specific postprocessing.
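As an added example (not code from ncmp or its README), the function below expands a configuration of this shape into a flat file list, honours "ignore", and flags file entries that would resolve outside the package's own directory. It assumes file paths are relative to node_modules/<package>, which the page does not state; resolvePackageFiles, the bootstrap file path and the bad-package entry are hypothetical.

```javascript
const path = require('path');

// Constructed sample with the same shape as the ncmp.json shown above,
// plus one entry whose file path tries to leave its package directory.
const sampleConfig = {
  packages: {
    jquery: ['dist/jquery.js', 'dist/jquery.min.js'],
    'aurelia-framework': 'dist/amd/aurelia-framework.js',
    bootstrap: 'dist/js/bootstrap.js',
    'bad-package': '../../.npmrc'
  },
  ignore: ['bootstrap'],
  plugins: []
};

// Expand the "packages" mapping into a flat list of files, skip ignored
// packages, and report entries that resolve outside node_modules/<package>.
// Assumption: file paths are relative to the package's install directory.
function resolvePackageFiles(config, modulesDir = 'node_modules') {
  const ignored = new Set(config.ignore || []);
  const files = [];
  const rejected = [];
  for (const [name, entry] of Object.entries(config.packages || {})) {
    if (ignored.has(name)) continue;
    const pkgRoot = path.resolve(modulesDir, name);
    // A value may be a single string or an array of strings.
    for (const rel of Array.isArray(entry) ? entry : [entry]) {
      const abs = path.resolve(pkgRoot, String(rel));
      const inside = abs.startsWith(pkgRoot + path.sep);
      (inside ? files : rejected).push({ package: name, file: rel });
    }
  }
  return { files, rejected };
}

const result = resolvePackageFiles(sampleConfig);
console.log(result.files.map(f => `${f.package}/${f.file}`));
console.log('rejected:', result.rejected);
```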
NCMP has a command-line interface. The following commands are available:
With ncmp init you can initialize your local ncmp installation. It creates a new ncmp.json
(if one does not exist) with the default values in it.
This is the main command of ncmp. It executes all configured plugins in a chain.
Detects all newly installed or uninstalled packages (listed under "dependencies" in package.json) and updates
ncmp.json accordingly. Use -s or --silent to avoid user prompts.
There are some requirements for new plugins:
ncmp-XXX-plugin. Where XXX is the string for the "plugins" config section.
runPlugin(chain). The chain has to be returned directly or as promise.
ncmp as a peerDependency.
You can fetch the config with configManager.load() with the exported configManager variable.
configManager.save(newConfig).
MIT
FAQs
NPM client modules postprocessor
The npm package ncmp receives a total of 0 weekly downloads. As such, ncmp popularity was classified as not popular.
We found that ncmp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.