Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
oryx-dev-cli
Advanced tools
A command-line tool for local Medusa development. When doing development work on Medusa core, this tool allows you to copy the changes to the various Medusa packages to Medusa projects.
npm install -g medusa-dev-cli
The medusa-dev-cli tool needs to know where your cloned Medusa repository is located. You typically only need to configure this once.
medusa-dev --set-path-to-repo /path/to/my/cloned/version/medusa
Navigate to the project you want to link to your forked Medusa repository and run:
medusa-dev
The tool will then scan your project's package.json to find its Medusa dependencies and copy the latest source from your cloned version of Medusa into your project's node_modules folder. A watch task is then created to re-copy any modules that might change while you're working on the code, so you can leave this program running.
Typically you'll also want to run npm run watch
in the Medusa repo to set up
watchers to build Medusa source code.
If you've recently run medusa-dev
your node_modules
will be out of sync with current published packages. In order to undo this, you can remove the node_modules
directory or run:
git checkout package.json; yarn --force
or
git checkout package.json; npm install --force
--packages
You can prevent the automatic dependencies scan and instead specify a list of
packages you want to link by using the --packages
option:
medusa-dev --packages @medusajs/medusa medusa-interfaces
--scan-once
With this flag, the tool will do an initial scan and copy and then quit. This is useful for setting up automated testing/builds of Medusa projects from the latest code.
--quiet
Don't output anything except for a success message when used together with
--scan-once
.
--copy-all
Copy all modules/files in the medusa source repo in packages/
--force-install
Disables copying files into node_modules and forces usage of local npm repository.
FAQs
CLI helpers for contributors working on Oryx
The npm package oryx-dev-cli receives a total of 0 weekly downloads. As such, oryx-dev-cli popularity was classified as not popular.
We found that oryx-dev-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.