Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
pressbooks-build-tools
Advanced tools
NPM package which includes all asset linting and build tools for Pressbooks projects.
NPM package which includes all asset linting and build tools for Pressbooks projects.
cd ~/code/pressbooks-dev/site/web/app/plugins/pressbooks
npm install --no-save pressbooks-build-tools
When installing pressbooks-build-tools
you install 955+ directories under node_modules
. These modules are used to compile and copy files to assets/dist
. These
node_modules
are never used in our code, never deployed.
When maintaining dozens & dozens of plugins & themes, 1 dependabot nag about some module in pressbooks-build-tools
equals updating many, many GitHub repos to fix code we never
deploy. It's not fun. For this reason we don't include pressbooks-build-tools
in our plugins or themes package.json
file.
Version 3.0 of pressbooks-build-tools
includes Laravel Mix 6.0, and as such will require some changes to build scripts wherever it is used. For example, the build task used in testing this package used to require the following script:
cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --no-progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js
The same build task can now be run using a new mix
executable with an appropriate flag:
mix --production
For the full list of scripts and their replacements, see the Laravel Mix documentation.
This repo includes a boilerplate webpack.mix.js
configuration used to test that, at the very least, .js
and .scss
files compile and that linters run. To run the test do:
npm install
npm run test
Expected: No errors. Everything is fine.
FAQs
NPM package which includes all asset linting and build tools for Pressbooks projects.
The npm package pressbooks-build-tools receives a total of 5 weekly downloads. As such, pressbooks-build-tools popularity was classified as not popular.
We found that pressbooks-build-tools demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.