Execute CLI Statements based upon opt-in / opt-out Rules.
Simply install locally as a development dependency to your project's package:
npm install --save-dev opt-cli
Opt in to or out of configured tasks; the best use case is ghooks. This discussion is the main motivation behind this module.
You can check out the eslint-find-new-rules/package.json for reference.
opt --in
"config": {
"ghooks": {
"pre-commit": "opt --in pre-commit --exec 'npm run validate'"
}
},
While committing, npm run validate will not be executed by default.
However, one can opt in by creating a .opt-in file in the root of the project, with the content pre-commit.
.opt-in
Each line in the .opt-in file is the keyword used after the opt --in rule.
So for the above example, it's pre-commit:
cat .opt-in
# "ghooks": {
# "pre-commit": "opt --in pre-commit --exec 'npm run validate'"
# }
pre-commit # the keyword used after the opt --in command
opt --out
opt --out works exactly the opposite way of opt --in.
"config": {
"ghooks": {
"pre-commit": "opt --out pre-commit --exec 'npm run validate'"
}
},
In this case, npm run validate will be executed before any changes can be committed.
In order to opt out, you have to create a .opt-out file in the root of the project, with the content pre-commit.
.opt-out
Similar to the .opt-in file, each line in the .opt-out file is the keyword used after the opt --out rule.
So for the above example, it's pre-commit:
cat .opt-out
# "ghooks": {
# "pre-commit": "opt --out pre-commit --exec 'npm run validate'"
# }
pre-commit # the keyword used after the opt --out command
.gitignore to ignore this file.
.opt-in, .opt-out files can contain multiple rules.
# can be used to comment any rule.
You may also include opt-cli as a library:
var opt = require( 'opt-cli' );
Given the example setup from above, usage would be as follows:
opt.testOptIn( 'pre-commit' ) === true
opt.testOptOut( 'pre-push' ) === true
Using opt.getExplicitOpts() you would receive:
{
'pre-commit': true,
'pre-push': false
}
Rules to opt into or opt out of can also be specified using ...
in or out array of a package.json's config.opt field:
"config": {
"opt": {
"in": [ "pre-commit" ],
"out": [ "pre-push" ]
}
},
OPT_IN and OPT_OUT:
# Delimit multiple rules with ":" on *nix / ";" on Win
export OPT_IN="pre-commit"
export OPT_OUT="pre-push"
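The rule sources described above (.opt-in / .opt-out files, the config.opt arrays in package.json, and OPT_IN / OPT_OUT) can be audited to see which gated hooks would actually run on a given checkout. This is an added example, not opt-cli's own code; the function names are hypothetical, and it assumes the three sources are simply unioned, since the page does not define a precedence between them.

```javascript
// Added example: not opt-cli's own code. Function names are hypothetical.
// Parse a .opt-in / .opt-out body: one rule per line, '#' starts a comment.
function parseOptFile(text) {
  return text.split(/\r?\n/)
    .map((line) => line.split('#')[0].trim())
    .filter(Boolean);
}

// Parse OPT_IN / OPT_OUT: ':' delimits rules on *nix, ';' on Windows.
function parseOptEnv(value, platform = process.platform) {
  if (!value) return [];
  return value.split(platform === 'win32' ? ';' : ':')
    .map((rule) => rule.trim())
    .filter(Boolean);
}

// Union the three rule sources described on the page.
// Assumption: no precedence between sources; the page does not define one.
function collectRules(fileText, pkgRules, envValue, platform) {
  return new Set([
    ...parseOptFile(fileText || ''),
    ...(pkgRules || []),
    ...parseOptEnv(envValue, platform),
  ]);
}

// For each ghooks entry of the form "opt --in|--out <rule> --exec '<cmd>'",
// report whether <cmd> would run given the collected rules.
function auditHooks(ghooks, inRules, outRules) {
  return Object.entries(ghooks).map(([hook, command]) => {
    const m = /^opt --(in|out) (\S+) --exec '(.*)'$/.exec(command);
    if (!m) return { hook, gated: false, runs: true };
    const [, mode, rule, exec] = m;
    // --in runs only when opted in; --out runs unless opted out.
    const runs = mode === 'in' ? inRules.has(rule) : !outRules.has(rule);
    return { hook, gated: true, mode, rule, exec, runs };
  });
}

// Constructed sample inputs (not taken from a real project).
const sampleOptOut = '# local override\npre-commit # skip validation\n';
const sampleHooks = {
  'pre-commit': "opt --out pre-commit --exec 'npm run validate'",
  'pre-push': "opt --in pre-push --exec 'npm test'",
};
const inRules = collectRules('', [], 'pre-push:commit-msg', 'linux');
const outRules = collectRules(sampleOptOut, ['commit-msg'], '', 'linux');
const sampleReport = auditHooks(sampleHooks, inRules, outRules);
console.log(sampleReport.filter((r) => r.gated && !r.runs)); // hooks being skipped
```

Running this in CI against the checked-in config shows whether a committed .opt-out file or a config.opt entry is silently disabling a validation hook.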
Kent C. Dodds 💻 👀 | Guilherme J. Tramontina 💻 | Andreas Windt 💻 📖 ⚠️ | Sarbbottam Bandyopadhyay 📖 | Suhas Karanth 🐛 💻
This project follows the all-contributors specification (emoji key). Contributions of any kind welcome!
Special thanks to @kentcdodds for encouraging to engage in oss, for the wonderful resources (check out the Egghead videos!) and — together with gtramontina — for coming up with the original idea to this module!
FAQs
Execute CLI Statements based upon Opt-In / Opt-Out Rules.
The npm package opt-cli receives a total of 20,580 weekly downloads. As such, opt-cli popularity was classified as popular.
We found that opt-cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.