Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
node-riffraff-artefact
Advanced tools
Plugin for building deployable RiffRaff artefacts in Node.
This is a node plugin for creating RiffRaff artefacts that can then be deployed by RiffRaff. It builds the same package structure as the SBT equivalent.
To use it, ensure you have a package.json
located in the root
directoy of your project. There must be at the very minimum the
fields: name
(the name of your application) and
cloudformation
(the location of your cloudformation script
file).
You should also have a deploy.json
in your root directory that
can be read by RiffRaff, although the plugin will work without one.
Once you've set up the equivalent package.json, you will need to add
an npm task riffraff-artefact
. Running this will then generate
the artefact for you and upload it to S3.
You may then wish to add build hooks into whatever continuous deployment you're using to deploy your artefact.
You can enable more verbose logging setting the environment variable VERBOSE=true
.
By default, this plugin will build the tgz file from the default
directory (the root). You can configure this by setting buildDir
to whatever you want in the package.json file. Note that this is the
root directory that node will be run on. So a package.json with
relevant run scripts must be present.
Works on Circle CI and Travis.
If you want to support other continuous integration tools, have a look at settings.js
and configure the relevant environment variables to get information about the build.
npm build
FAQs
Deploy RiffRaff Artefacts
The npm package node-riffraff-artefact receives a total of 13 weekly downloads. As such, node-riffraff-artefact popularity was classified as not popular.
We found that node-riffraff-artefact demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 22 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.