Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
platformjs-cli
Advanced tools
Installs a command pjs that includes convenience functions for working with git repositories, npm packages, and other common development scenarios.
Setup
$ pjs init # Initialize a "root" development directory
$ source pjs-bash # Let pjs interact with the bash environment
Common commands
$ pjs status # Recursively run git status for each git
# repo under the current directory and cd
# to the first with any uncommitted diffs
$ pjs publish # Tag, commit, push, and publish to NPM the
# repository in the current directory
$ pjs cd <name> # Change directory to the git repo under the
# root that most closely matches "name"
The pjs command is intended to be installed globally:
$ npm install -g platformjs-cli
To define a root directory as a development "home", the pjs init command can be used. This will define a .pjsconfig for that subtree and create a pjs-bash file to allow pjs to interact with the bash environment. This only needs to be run once in the directory.
$ pjs init
To allow pjs to interact with the bash environment (e.g. change the current working directory) during a session, pjs-bash needs to be "source'd". This command needs to be run every session (or included in your bash profile):
$ source pjs-bash
Changes directory to your development "home" directory.
# Needs to be run once to allow pjs to interact with the
# bash environment
$ source pjs-bash
# Now becomes a shortcut to change directory to pjs "home"
# directory
$ pjs home
Recursively runs and reports the results of git status for the current directory and/or any sub-directories containing a .git folder.
Recursively runs and reports the results of git pushall for the current directory and/or any sub-directories containing a .git folder.
In the current working directory:
package.json
v#.#.#
to git
npm publish on the updated package
The command does some basic checks, such as setting the version to 0.0.0 if the version has not yet been set, warning if there is no description field, aborting the publish if there are uncommitted changes in the working repo, etc.
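The checks listed above, sketched as an added example (this is not platformjs-cli's own code). The function names, the return shape, and the use of `git status --porcelain` output as the input are assumptions made for illustration.

```javascript
// Hypothetical helper: parse `git status --porcelain` (v1) output into the
// list of changed paths. Each non-empty line is "XY <path>"; any line at all
// means the working tree is not clean.
function dirtyPaths(porcelain) {
  return porcelain
    .split('\n')
    .filter((line) => line.trim() !== '')
    .map((line) => line.slice(3));
}

// Hypothetical gate: apply the three checks the text lists to a parsed
// package.json object. Returns a new manifest plus the decision and never
// mutates its input.
function prePublishChecks(pkg, porcelain) {
  const manifest = { ...pkg };
  const warnings = [];
  const errors = [];

  // Version not yet set: default it to 0.0.0.
  if (typeof manifest.version !== 'string' || manifest.version.trim() === '') {
    manifest.version = '0.0.0';
    warnings.push('version was not set; using 0.0.0');
  }

  // Missing description: warn, but do not block the publish.
  if (typeof manifest.description !== 'string' || manifest.description.trim() === '') {
    warnings.push('package.json has no description field');
  }

  // Uncommitted changes: abort, so what gets published corresponds to a commit.
  const dirty = dirtyPaths(porcelain);
  if (dirty.length > 0) {
    errors.push('uncommitted changes: ' + dirty.join(', '));
  }

  return { manifest, warnings, errors, ok: errors.length === 0 };
}

// Constructed sample input (not taken from a real repository).
const samplePkg = { name: 'example-pkg' };
const sampleStatus = ' M index.js\n?? notes.txt\n';
console.log(prePublishChecks(samplePkg, sampleStatus));
```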
FAQs
A simple command-line tool with git and npm convenience commands
We found that platformjs-cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.