Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
v1.3.5
In this document |
---|
Introduction |
Not a module |
Getting started |
Contribute |
Version history |
Plexiform is a rudimentary code generator.
It doesn't know any language, nor does it know how to reverse-engineer anything. It's really just a simple formalisation of JavaScript template literals, to expose a basic templating system.
But that's still incredibly useful, as it takes the effort and risk out of any repetitious task.
Perfect the code elsewhere, then use this to churn out more code than you could bear to hand-crank!
Please note that this is not a Node module, it is a Node script for running in the shell.
I apologise if my npm
etiquette is lacking, please forgive a first-timer :)
npm install -g plexiform
plexiform --init
and edit it accordingly.plexiform
See the included boilerplate example to get you started
Date | Version | Author | Details |
---|---|---|---|
2017-08-03 | v0.0.0 | Raith | Initiated |
2017-08-04 | v0.0.1 | Raith | Named and stabilised |
2017-08-24 | v0.1.1 | Raith | Updates |
2017-08-28 | v1.0.0 | Raith | Published to npm |
2017-08-28 | v1.1.0 | Raith | Fixed paths so can run as 'plexiform' bin in shell |
2017-08-28 | v1.1.1 | Raith | Removed a couple of non-boilerplate configs |
2017-09-03 | v1.2.0 | Raith | Can now --init and build from a config file |
2017-09-03 | v1.2.1 | Raith | Bug fix |
2017-09-03 | v1.3.0 | Raith | Utilises process-argv and changed to explicit command line arguments rather than positional parameters |
2017-09-03 | v1.3.1 | Raith | No more assumption about file extensions. Now need to specify them for build and config |
2017-09-08 | v1.3.2 | Raith | Refactor base config and utils into own files |
2017-09-11 | v1.3.3 | Raith | Refactor and fix TS nullable types |
2017-09-13 | v1.3.4 | Raith | Tidy option in OutputFile |
2017-09-15 | v1.3.5 | Raith | Added support for MarkDown config :) |
FAQs
A very simple template-driven generator.
The npm package plexiform receives a total of 5 weekly downloads. As such, plexiform popularity was classified as not popular.
We found that plexiform demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.