Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
on-the-githubs
Advanced tools
Readme
Demo: http://kvz.github.io/on-the-githubs/#repos/kvz/nsfailover
To grow an open-source community it helps if your site has an active overview of what's going on and who is contributing.
The GitHub API3 provides all the information we need, but you may hit rate-limiters, or find it hard / have no time to embed this data into your website.
This project aims to make it deadsimple to add community info & activity feeds to your project's site.
On the Githubs is a jquery plugin for a near-realtime overview of activity of a user, project or organisation. It does not require any buildsteps or setup, just add a few lines of code to your project's HTML.
Demo: http://kvz.github.io/on-the-githubs/#repos/kvz/nsfailover
Or your own:
To embed this into your site, add a few lines of code:
<link href="//kvz.github.io/on-the-githubs/css/on-the-githubs.min.css" rel="stylesheet" />
<div class="on-the-githubs" data-event-source="repos/kvz/nsfailover">Loading...</div>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script src="//kvz.github.io/on-the-githubs/js/jquery.on-the-githubs.min.js"></script>
<script type="text/javascript">
$('.on-the-githubs').onthegithubs();
// If you use bootstrap and want to enable tooltips
// $('a[rel]').tooltip();
</script>
Don't forget to change the data-event-source
to repos/{user}
/{repo}
.
For local development, here's how to run the repo-included demo:
npm install --dev
make build
node demo-server.js
Activity is limited to the last 20-100 events, but communities grow big. If you want to give credit where credit is due and show all the faces that make your community, we can't just pull that in in realtime from the API without hindering the UI or hitting GitHub's rate-limiter.
So this is something we have to aggregate, cache, and compile at your site's buildtime.
Get all people involved with kvz/nsfailver
and echo as json to stdout
./bin/in-the-githubs --user kvz --repo nsfailover --format json --output -
Index an entire organization, read test/about.md
, search it for the {{community}}
tag,
replace it with the entire tus
community, write it to test/about-with-community.md
, do this with 1
request at a time, to ensure the order of userpaths. Enable debug
ging to see what's going on, because with the amount of API requests & GitHubs rate-limiting, this is going to take a while (the script automatically waits as to not have your IP banned by GitHub).
./bin/in-the-githubs \
--user tus \
--repo tus.io,tusd,tus-jquery-client,tus-ios-client,tus-android-client,tus-resumable-upload-protocol \
--format html \
--concurrency 1 \
--input demo.html \
--tag '<div class="in-the-githubs" />' \
--output demo-with-community.html \
--debug
Help:
./bin/in-the-githubs -h
Let's say your site is now built with Jekyll into ./_site
.
You have an about.md
that you want to add community faces to.
First, let's make on-the-githubs a dependency:
[ -d node_modules ] || mkdir node_modules
npm install on-the-githubs --save
Now add something like this to a Makefile
:
community:
node_modules/on-the-githubs/bin/in-the-githubs \
--user tus \
--repo tusd,tus-jquery-client \
--format html \
--concurrency 1 \
--input _site/about.html \
--tag '<p>replaced-by-in-the-githubs</p>' \
--output _site/about.html \
--debug
Now if you type make community
after jekyll build
, in-the-githubs
will look for the
<p>replaced-by-in-the-githubs</p>
placeholder, and replace it with all the involved GitHub
profiles.
By default, in-the-githubs
caches to ~/.in-the-githubs/
to avoid rate-limiters.
This project is licensed under the MIT license, see LICENSE.txt
.
Contains code of jquery-timeago by Ryan McGeary
FAQs
Uses GitHub API3 to aggregate community activity of open source projects
The npm package on-the-githubs receives a total of 8 weekly downloads. As such, on-the-githubs popularity was classified as not popular.
We found that on-the-githubs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.