Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
pull-request-size-reminder
Advanced tools
A command-line tool that queries git
, reporting the size of your next pull request.
In a busy team you want to minimise the amount of time your colleagues spend reviewing your code. Small pull requests are usually the result of stories with a well-defined scope. Even with that, sometimes it gets away from us - especially if you are unfamiliar with the code. This package is intended to remind developers that the inevitable pull request may be large enough to annoy your colleagues.
It is intended to be used in a pre-commit and/or pre-push git hook, and is particularly useful in new projects or teams with less experienced developers.
npm install --save-dev pull-request-size-reminder
You can call the package from the command-line, through node.
npx pull-request-size-reminder
The intended use is in conjunction with husky
git hooks - precommit
and/or prepush
. Your project's package.json
should be configured as below.
{
"scripts": {
"precommit": "npx pull-request-size-reminder"
}
}
If you already have a precommit
script then
{
"scripts": {
"precommit": "someScript && node pull-request-size-reminder"
}
}
The default configuration outputs a
None yet!
FAQs
CLI to check potential size of pull request
We found that pull-request-size-reminder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.