
Security News
PodRocket Podcast: Inside the Recent npm Supply Chain Attacks
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
Chill with streams at the RxBeach
RxBeach is a toolbox for creating applications that use streams to manage state. It is in the very early stages of implementation, and the API will change continuously.
The documentation is published at https://ardoq.github.io/rxbeach/ and there is also a good deal of JSDoc comments in the code.
Code is hosted in the GitHub repo ardoq/rxbeach.
We have a .git-blame-ignore-revs
file for ignoring commits with style changes
in git blame. You can configure git to use it, and VSCode and others will
respect the setting:
git config blame.ignoreRevsFile .git-blame-ignore-revs
We use dependabot to keep dependencies up to date. This is nice, because it shows us exactly where dependencies breaks our build.
To satisfy Ardoq's review policy, you should merge Dependabot PRs by approving the PR with the message @dependabot merge
.
yarn lint && yarn build && yarn test
yarn standard-version
git push --follow-tags
yarn publish
FAQs
Chill with streams at the RxBeach
The npm package rxbeach receives a total of 12 weekly downloads. As such, rxbeach popularity was classified as not popular.
We found that rxbeach demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.