Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
[![styled with prettier](https://img.shields.io/badge/styled_with-prettier-ff69b4.svg)](https://github.com/prettier/prettier) [![Greenkeeper badge](https://badges.greenkeeper.io/alexjoverm/typescript-library-starter.svg)](https://greenkeeper.io/) [![Travi
A starter project that makes creating a TypeScript library extremely easy.
git clone https://github.com/alexjoverm/typescript-library-starter.git YOURFOLDERNAME
cd YOURFOLDERNAME
# Run npm install and write your library name when asked. That's all!
npm install
Start coding! package.json
and entry files are already set up for you, so don't worry about linking to your main file, typings, etc. Just keep those files with the same name.
npm install
things will setup for you :wink:gh-pages
, using TypeDoc(*.d.ts)
file generationYou can import the generated bundle to use the whole library generated by this starter:
import myLib from 'mylib'
Additionally, you can import the transpiled modules from dist/lib
in case you have a modular library:
import something from 'mylib/dist/lib/something'
npm t
: Run test suitenpm start
: Run npm run build
in watch modenpm run test:watch
: Run test suite in interactive watch modenpm run test:prod
: Run linting and generate coveragenpm run build
: Generate bundles and typings, create docsnpm run lint
: Lints codenpm run commit
: Commit using conventional commit style (husky will tell you to use it if you haven't :wink:)On library development, one might want to set some peer dependencies, and thus remove those from the final bundle. You can see in Rollup docs how to do that.
Good news: the setup is here for you, you must only include the dependency name in external
property within rollup.config.js
. For example, if you want to exclude lodash
, just write there external: ['lodash']
.
Prerequisites: you need to create/login accounts and add your project to:
Prerequisite for Windows: Semantic-release uses node-gyp so you will need to install Microsoft's windows-build-tools using this command:
npm install --global --production windows-build-tools
Follow the console instructions to install semantic release and run it (answer NO to "Do you want a .travis.yml
file with semantic-release setup?").
Note: make sure you've setup repository.url
in your package.json
file
npm install -g semantic-release-cli
semantic-release-cli setup
# IMPORTANT!! Answer NO to "Do you want a `.travis.yml` file with semantic-release setup?" question. It is already prepared for you :P
From now on, you'll need to use npm run commit
, which is a convenient way to create conventional commits.
Automatic releases are possible thanks to semantic release, which publishes your code automatically on github and npm, plus generates automatically a changelog. This setup is highly influenced by Kent C. Dodds course on egghead.io
There is already set a precommit
hook for formatting your code with Prettier :nail_care:
By default, there are two disabled git hooks. They're set up when you run the npm run semantic-release-prepare
script. They make sure:
git push
This makes more sense in combination with automatic releases
Array.prototype.from
, Promise
, Map
... is undefined?TypeScript or Babel only provides down-emits on syntactical features (class
, let
, async/await
...), but not on functional features (Array.prototype.find
, Set
, Promise
...), . For that, you need Polyfills, such as core-js
or babel-polyfill
(which extends core-js
).
For a library, core-js
plays very nicely, since you can import just the polyfills you need:
import "core-js/fn/array/find"
import "core-js/fn/string/includes"
import "core-js/fn/promise"
...
npm install
doing on first run?It runs the script tools/init
which sets up everything for you. In short, it:
package.json
(typings file, main file, etc)Then you may want to:
commitmsg
, postinstall
scripts from package.json
. That will not use those git hooks to make sure you make a conventional commitnpm run semantic-release
from .travis.yml
Remove npm run report-coverage
from .travis.yml
typescript-library-starter
Here are some projects that use typescript-library-starter
:
Made with :heart: by @alexjoverm and all these wonderful contributors (emoji key):
This project follows the all-contributors specification. Contributions of any kind are welcome!
FAQs
This repo will hold some utilities that can be used in addition to Nx.
The npm package nx-etc receives a total of 0 weekly downloads. As such, nx-etc popularity was classified as not popular.
We found that nx-etc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.