Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
v3.1.0
In this document |
---|
Introduction |
Not a module |
Getting started |
Contribute |
Version history |
Plexiform is a rudimentary code generator.
It doesn't know any language, nor does it know how to reverse-engineer anything. It's really just a simple formalisation of JavaScript template literals, to expose a basic templating system.
But that's still incredibly useful, as it takes the effort and risk out of any repetitious task.
Perfect the code elsewhere, then use this to churn out more code than you could bear to hand-crank!
Please note that this is not a Node module, it is a command line tool.
Therefore it should be installed globally, not locally.
npm install -g plexiform
plexiform init
and edit it accordingly.plexiform build
See the included boilerplate example to get you started
The simplest specification file is in JSON format, and is directly 'required' in and processed by the build script.
But you can use a specification written in any format, as long as your build script also offers a process
method to turn it into a suitable object.
If you wish to express your specification in markdown then a further feature is built-in...
To make your specifications neater, plexiform offers the proprietary MdDom markdown parser.
If your specification file has the ".md" extension then it will be pre-processed into a reasonably usefully deconstructed object model. It is that which is then passed in to your build script's process
method.
Markdown specifications are recommended as they are both readable and freely parsed.
An online gallery to host your specification files and make them centrally available. With versioning.
plexiform gallery new | save | secret | publish
plexiform gallery list | query | fetch
And the back-end was generated by plexiform-build-api, of course :)
FAQs
A very simple template-driven generator.
The npm package plexiform receives a total of 5 weekly downloads. As such, plexiform popularity was classified as not popular.
We found that plexiform demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.