Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-core-utils
Advanced tools
CLI tools for Node.js Core collaborators.
git-node
: Custom Git commands for working with Node.js
core, e.g. landing Pull Requests.ncu-config
: Configure variables for node-core-utils
to use.ncu-team
: Listing members of a team, synchronizing
special blocks in files with the list of members.get-metadata
: Retrieving metadata for a Pull Request.
DEPRECATED: use git node metadata
instead.ncu-ci
: Parse the results of a Jenkins CI run and display a summary for all the failures.npm install -g node-core-utils
If you would prefer to build from the source, install and link:
git clone git@github.com:nodejs/node-core-utils.git
cd node-core-utils
npm install
npm link
Most of the tools need your GitHub credentials to work. You can either
If you prefer option 2, follow these instructions to create the token.
When creating the token, the following boxes need to be checked:
user:email
: Used by git-node
and get-metadata
to read the email of the
PR author in order to check if it matches the email of the commit author.read:org
: Used by ncu-team
to read the list of team members.Optionally, if you want to grant write access so git-node
can write comments:
public_repo
(or repo
if you intend to work with private repositories).You can also edit the permission of existing tokens later.
After the token is generated, create an rc file with the following content:
(~/.ncurc
or $XDG_CONFIG_HOME/ncurc
):
{
"username": "your_github_username",
"token": "token_that_you_created"
}
Note: you could use ncu-config
to configure these variables, but it's not
recommended to leave your tokens in your command line history.
The git-node
and ncu-ci
commands need to query the Node.js Jenkins API for
CI results, so you'll need to configure the Jenkins API token before using
these commands.
To obtain the Jenkins API token
Open
https://ci.nodejs.org/user/<your-github-username>/configure
(replace
<your-github-username> with your own GitHub username).
Click on the ADD NEW TOKEN
button in the API Token
section.
Enter an identifiable name (for example, node-core-utils
) for this
token in the inbox that appears, and click GENERATE
.
Copy the generated token.
Add it into your ncurc
file (~/.ncurc
or $XDG_CONFIG_HOME/ncurc
)
with jenkins_token
as key, like this:
{
"username": "your_github_username",
"token": "your_github_token",
"jenkins_token": "your_jenkins_token"
}
Put the following entries into your
global gitignore
file
($XDG_CONFIG_HOME/git/ignore
or a file specified by core.excludesFile
):
# node-core-utils configuration file
.ncurc
# node-core-utils working directory
.ncu
Mind that .ncu/land
could contain your access token since it contains the
serialized configurations.
If you ever accidentally commit your access token on GitHub, you can simply revoke that token and use a new one.
To add autocomplete just run git-node completion
and follow the instructions.
(same for the rest of the tools)
If you encounter an error that you cannot fix by yourself, please
NCU_VERBOSITY=debug
environment variable set and
open an issue at https://github.com/nodejs/node-core-utils/issues with
detailed logs.See CONTRIBUTING.md.
MIT. See LICENSE.
FAQs
Utilities for Node.js core collaborators
The npm package node-core-utils receives a total of 2,025 weekly downloads. As such, node-core-utils popularity was classified as popular.
We found that node-core-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.