Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Precompile your node modules, use npm as your data store:
coolmodule
optional:
coolmodule-shyp-win32-x64
coolmodule-shyp-win32-ia32
coolmodule-shyp-darwin-x64
coolmodule-shyp-darwin-ia32
...
To install
npm install -g node-shyp
node-shyp is simple. All your node-gyp configuration works as before, with just a few modifications to package.json
.
node-shyp init
to create default shyp-blacklist.js
file in your root"scripts": {
"install": "node shyp-blacklist.js win32-x64 [etc...] || node-gyp rebuild"
}
Node will only install those dependencies that match your arch/platform (due to the published code's package.json settings).
{
"version": "1.1.3",
"optionalDependencies": {
"coolmodule-shyp-win32-x64": "1.1.x",
...
}
}
node-shyp publish
from the root directory on each platform you build for.This will publish the compiled versions of the code to npm.
npm install bindings-shyp
to load the precompiled version or the loaded version.Just like the bindings
module.
module.exports = require('bindings-shyp')('canvas')
Shyp automatically compiles against multiple Node versions for compatibility. (As of Feb 2013, releasing for stable versions means building against 0.8.26 and 0.10.26.) These are hardcoded though they probably shouldn't be.
0.8.x
uses the tag "v8.3-11" for its node version.0.10.x
uses the tag "v8.3-14" until 0.10.4
, where NODE_MODULE_VERSION is exposed. Shyp hardcodes this version to equal "node-v11".0.10.4
onward uses "node-v11".0.11.x
uses "node-v14".MIT
FAQs
Precompile your node modules, use npm as your data store:
The npm package node-shyp receives a total of 1 weekly downloads. As such, node-shyp popularity was classified as not popular.
We found that node-shyp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.