Stop wasting time syncing and updating your project's README and Package Files!
Thus far, projectz is used directly by 802 repositories and 348 packages, and indirectly by 2936 repositories and 349 packages.
Here are some of the things it can do:
package.json
bower.json
component.json
jquery.json
README
CONTRIBUTING
LICENSE
BACKERS
HISTORY
Once installed locally, you can compile your project using projectz by running the following in your terminal:
npx projectz
To make projectz more automatic, we recommend adding the direct command above to your build tool.
If you don't use a build tool, but do use npm, then you can add the following to your project's package.json file:
{
  "scripts": {
    "compile": "projectz",
    "posttest": "projectz"
  }
}
The compile script here is runnable via the command npm run-script compile and will compile your project with projectz.
The posttest script here automatically compiles your project with projectz after your tests have successfully completed, provided you use npm test to run your tests. This is a great place to put projectz, as projectz only updates meta documents so won't affect your tests, and will always run before a publish.
If you get a rate limit warning, you will need to add GITHUB_ACCESS_TOKEN (or a GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET combination) to your environment. To do this:
In your shell profile (.bashrc, .zshrc) add export GITHUB_ACCESS_TOKEN="the token value"
Run export GITHUB_ACCESS_TOKEN="the token value" in your current shell
Projectz helps you maintain the following package files:
package.json
bower.json
component.json
jquery.json
It does this by reading them, combining their data in memory, and then outputting the appropriate fields and overrides for each file.
If you are making use of multiple package files, you may find that defining a projectz.json package file will help, as it can serve as a central location for the configuration of all the other files. However, if you only require one package file, then you can ignore this ability.
Projectz takes note of these metadata fields:
{
  // Specify your project's human readable name
  "title": "Projectz",

  // Specify your project name
  "name": "projectz",

  // Specify your project's Website URL
  "homepage": "https://github.com/bevry/projectz",

  // Specify your project's demo URL
  // If this is missing, and `homepage` is set, we set it to the `homepage` value
  "demo": "https://github.com/bevry/projectz",

  // Specify your project description
  "description": "Stop wasting time syncing and updating your project's README and Package Files!",

  // Specify your project's SPDX License
  // Uses https://www.npmjs.com/packages/spdx for parsing
  "license": "MIT",

  // Specify whether the project can run on the client-side in web browsers
  // If this is missing, and the component or bower package files exist, then this becomes `true`
  "browsers": true,

  // Specify your project's author details
  // Can be an array or CSV string
  "author": "2013+ Bevry Pty Ltd <us@bevry.me> (http://bevry.me)",

  // Specify your maintainers
  "maintainers": [
    "Benjamin Lupton (b@lupton.cc) (http://balupton.com)"
  ],

  // Specify your sponsors
  "sponsors": [
    "Benjamin Lupton (b@lupton.cc) (http://balupton.com)"
  ],

  // Specify your contributors
  // This is automatically combined with the contributors from the GitHub Repository API
  "contributors": [
    "Benjamin Lupton (b@lupton.cc) (http://balupton.com)"
  ],

  // Specify your project's repository details
  // If this is missing, and `homepage` is a GitHub URL, this is determined automatically
  "repository": {
    "type": "git",
    "url": "https://github.com/bevry/projectz.git"
  },

  // Specify your project's issue tracker
  // If this is missing, and `repository` is a GitHub repository, this is determined automatically
  "bugs": {
    "url": "https://github.com/bevry/projectz/issues"
  },

  // Specify your project's badges for use in the readme files
  // Projectz renders badges by sending the `badges` field to the `badges` package.
  // Below is some sample projectz configuration for this field to render our most common badges.
  // Even more badge types and configurations are available than just those included below.
  // Complete details of what is available can be found over at the badges package:
  // https://github.com/bevry/badges
  "badges": {
    "list": [
      "travisci",
      "npmversion",
      "npmdownloads",
      "daviddm",
      "daviddmdev",
      "---",
      "slackin",
      "patreon",
      "gratipay",
      "flattr",
      "paypal",
      "bitcoin",
      "wishlist"
    ],
    "config": {
      "patreonUsername": "bevry",
      "gratipayUsername": "bevry",
      "flattrUsername": "balupton",
      "paypalURL": "https://bevry.me/paypal",
      "bitcoinURL": "https://bevry.me/bitcoin",
      "wishlistURL": "https://bevry.me/wishlist",
      "slackinURL": "https://slack.bevry.me"
    }
  },

  // If you are using the projectz meta file, you can also define this field
  // it allows you to set the configuration for other package systems
  "packages": {
    "bower": {},
    "component": {},
    "jquery": {}
  }
}
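The fallback rules stated in the field comments above (demo from homepage, browsers from the presence of bower or component files, repository and bugs from a GitHub URL) and the per-system overrides under packages can be sketched as follows. This is an added example, not projectz's own code; the function names, the shallow-override behaviour and the sample project are assumptions.

```javascript
'use strict'
// Added illustration; NOT projectz's source. All function names are hypothetical.

// Matches a GitHub project URL and captures the owner and repository name.
const GITHUB = /^https?:\/\/github\.com\/([^\/\s]+)\/([^\/\s#?]+?)(?:\.git)?\/?$/

// Apply the fallback rules stated in the field comments above.
// `existingFiles` lists the package files present in the project directory.
function applyDefaults(meta, existingFiles = []) {
  const out = { ...meta }
  if (!out.demo && out.homepage) out.demo = out.homepage
  if (out.browsers === undefined &&
      existingFiles.some((f) => f === 'bower.json' || f === 'component.json')) {
    out.browsers = true
  }
  const home = GITHUB.exec(out.homepage || '')
  if (!out.repository && home) {
    out.repository = { type: 'git', url: `https://github.com/${home[1]}/${home[2]}.git` }
  }
  const repo = GITHUB.exec((out.repository && out.repository.url) || '')
  if (!out.bugs && repo) {
    out.bugs = { url: `https://github.com/${repo[1]}/${repo[2]}/issues` }
  }
  return out
}

// Build the data for one package file: the shared fields plus the per-system
// overrides kept under `packages` in the meta file (assumed to be shallow).
function buildPackageFile(meta, system, existingFiles = []) {
  const { packages = {}, ...shared } = applyDefaults(meta, existingFiles)
  return { ...shared, ...(packages[system] || {}) }
}

// Constructed sample input, not a real project.
const sample = {
  name: 'example-lib',
  homepage: 'https://github.com/example-org/example-lib',
  packages: { bower: { main: 'dist/example-lib.js' } },
}
const bower = buildPackageFile(sample, 'bower', ['package.json', 'bower.json'])
console.log(JSON.stringify(bower, null, 2))
```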
Projectz helps you maintain the following readme files:
README.md
CONTRIBUTING.md
LICENSE.md
BACKERS.md
HISTORY.md
It does this by reading them, and replacing comment tags with the appropriate data.
The following comment tags are supported:
<!-- TITLE --> — outputs the package's title field
<!-- BADGES --> — outputs the badges you have enabled from your package's badges field
<!-- DESCRIPTION --> — outputs the package's description field
<!-- INSTALL --> — outputs the package's installation instructions
<!-- HISTORY --> — outputs a link to the HISTORY file if it exists, otherwise if it is a GitHub repository, outputs a link to the releases page
<!-- CONTRIBUTE --> — outputs a link to the CONTRIBUTE file if it exists
<!-- BACKERS --> — outputs who the backers are for the project, including maintainers, sponsors, funding badges, and contributors
<!-- LICENSE --> — outputs a summary of the license information
As well as these comment tags for updating entire files:
<!-- LICENSEFILE --> — outputs the complete license information
<!-- BACKERSFILE --> — same as <!-- BACKERS --> but made for an individual file instead
As an example, here is a basic README.md file:
<!-- TITLE -->
<!-- BADGES -->
<!-- DESCRIPTION -->
<!-- INSTALL -->
## Usage
Usage instructions go here
<!-- HISTORY -->
<!-- CONTRIBUTE -->
<!-- BACKERS -->
<!-- LICENSE -->
This README is also, expectedly, built with projectz. View its source.
npm install --global projectz
projectz
npm install --save projectz
npx projectz
import * as pkg from 'projectz'
const pkg = require('projectz')
This package is published with the following editions:
projectz/source/index.ts is TypeScript source code with Import for modules
projectz aliases projectz/edition-es2022/index.js
projectz/edition-es2022/index.js is TypeScript compiled against ES2022 for Node.js 20 with Require for modules
projectz/edition-es2022-esm/index.js is TypeScript compiled against ES2022 for Node.js 20 with Import for modules
projectz/edition-types/index.d.ts is TypeScript compiled Types with Import for modules
Discover the release history by heading on over to the HISTORY.md file.
Discover how to contribute via the CONTRIBUTING.md file.
Unless stated otherwise all works are:
and licensed under:
v4.2.0 2023 December 30
We found that projectz demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.