roots-netlify
A roots extension for creating Netlify configuration files.
Note: This project is in early development, and versioning is a little different. Read this for more details.
Netlify is a great static hosting platform that allows developers to add powerful features to their static sites, like redirects & rewrites and headers & basic auth.
This extension abstracts Netlify's config files into your `app.coffee` with the rest of your configs so they can be one big happy family. This also allows you to create different Netlify configs based on your roots environment.
It's also a common roots convention to start files with an `_` to ignore them during compilation. Since Netlify would normally be configured with a `_headers` and `_redirects` file, using this extension allows you to keep that nice clean convention throughout the whole project.
`npm install roots-netlify --save`

Modify your `app.coffee` file to include the extension, as such:

```coffee
netlify = require 'roots-netlify'

module.exports =
  extensions: [
    netlify
      # Redirect and rewrite rules, evaluated in order: "<from> <to> <status>"
      redirects: [
        '/news /blog 200'
        '/news/:year/:month/:date/:slug /blog/:year/:month/:date/:story_id 200'
        '/news/* /blog/:splat 200'
        '/redirect / 301'
        '/temp_redirect / 302'
        '/ecommerce /closed 404'
      ]
      # Headers keyed by path
      headers:
        '/protected/path':
          'Cache-Control': 'max-age=3000'
          # Sample value only; anything written here is stored with the source
          'Basic-Auth': 'username:password'
        '/*':
          'X-Frame-Options': 'DENY'
          'X-XSS-Protection': '1; mode=block'
  ]
```
Read the Netlify documentation on redirects and headers to learn more.
The `redirects` property accepts an array of redirects or rewrite rules (in order) with their respective HTTP code appended at the end as described in Netlify's documentation.
Instead of passing the regular options object into the extension, you can also pass a promise for an options object in case you need to perform any asynchronous work (such as loading a file or making an http request) before configuring roots-netlify.
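```coffee
fs      = require 'fs'
nodefn  = require 'when/node'
yaml    = require 'js-yaml'
netlify = require 'roots-netlify'

# Read config.yaml asynchronously and parse it into the options object.
# safeLoad is the js-yaml 3.x call restricted to the safe schema; js-yaml 4.x
# removed it and made load safe by default.
config = nodefn.call(fs.readFile, 'config.yaml')
  .then (contents) -> yaml.safeLoad(contents)

module.exports =
  extensions: [
    netlify(config)
  ]
```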
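The sample config above writes the `Basic-Auth` value directly into `app.coffee`. The helper below is an added example, not code from roots-netlify or its README: it builds the same options shape from an environment variable and refuses to produce a config when the credential is missing, malformed or still a placeholder. The variable name `NETLIFY_BASIC_AUTH`, the function names, the placeholder list and the space-separated multi-user format are assumptions.

```javascript
// Assumed variable name; set it in the build environment, never in the repository.
const CRED_VAR = 'NETLIFY_BASIC_AUTH';
// Constructed list of placeholder pairs that must not reach a deployed site.
const PLACEHOLDERS = new Set(['username:password', 'user:pass', 'admin:admin']);

// Validate and normalise one or more space-separated user:password pairs
// (assumed multi-user format). Error messages never echo the secret itself.
function parseCredentials(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error(`${CRED_VAR} is not set; refusing to build without auth`);
  }
  const pairs = raw.trim().split(/\s+/);
  pairs.forEach((pair, n) => {
    const i = pair.indexOf(':');
    if (i <= 0 || i === pair.length - 1) {
      throw new Error(`${CRED_VAR} entry ${n + 1} is not in user:password form`);
    }
    if (PLACEHOLDERS.has(pair.toLowerCase())) {
      throw new Error(`${CRED_VAR} entry ${n + 1} is a placeholder credential`);
    }
  });
  return pairs.join(' ');
}

// Build an options object with the same shape as the README's example.
function buildNetlifyOptions(env) {
  return {
    redirects: ['/news /blog 200'],
    headers: {
      '/protected/path': { 'Basic-Auth': parseCredentials(env[CRED_VAR]) },
      '/*': { 'X-Frame-Options': 'DENY' }
    }
  };
}

// Promise form for the extension's "promise for an options object" path.
// A validation error rejects the promise instead of yielding a config without auth.
function netlifyOptionsPromise(env = process.env) {
  return new Promise((resolve) => resolve(buildNetlifyOptions(env)));
}

if (typeof module !== 'undefined') {
  module.exports = { buildNetlifyOptions, netlifyOptionsPromise };
}
```

Saved under a hypothetical name such as `netlify-options.js`, it could be passed from `app.coffee` as `netlify(require('./netlify-options').netlifyOptionsPromise())`, assuming the extension accepts a native Promise.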
FAQs
A roots extension for configuring netlify
The npm package roots-netlify receives a total of 1 weekly download. As such, roots-netlify popularity was classified as not popular.
We found that roots-netlify has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.