Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
scratch-l10n
Advanced tools
Translation of all Scratch projects is managed on the Transifex service: https://www.transifex.com/llk/public
This repository collects translations submitted to the Scratch projects on Transifex. Please do not submit PRs. If you would like to contribute translations, please sign up to translate on Transifex.
import locales, {localeData, isRtl} from 'scratch-l10n';
import editorMessages from 'scratch-l10n/locales/editor-messages';
locales
: currently supported locales for the Scratch projectisRtl
: function that returns true if the locale is one that is written right-to-leftlocaleData
: locale data for the supported locales, in the format accepted by addLocaleData
required by react-intl
editorMessages
: the actual message strings for all supported locales for a particular resource. editorMessages
collects all the strings for the interface, extensions and paint-editor.scratch-l10n provides:
build-i18n-src
: script that uses babel and plugins to extract all FormattedMessage
strings for translation.
Combines the message from all the source files into one en.json
tx-push-src
: script to push the en.json
file to Transifex. Requires that the environment variable TX_TOKEN
is
set with a value that has developer access to the Scratch projects on Transifex (i.e. Scratch Team only)scratch-l10n
uses semantic versioning - breaking changes will increment the major version number, and new features
(e.g. a new language) will increment the minor version number. Pulling new translations from Transifex is automated
and will increase the patch version.
We are moving away from using the tx
cli, so the .tx/config
file will eventually be deprecated.
This project uses semantic release to ensure version bumps follow semver so that projects depending on it don't break unexpectedly.
In order to automatically determine version updates, semantic release expects commit messages to follow the conventional-changelog specification.
Here's a quick introduction:
fix:
if it fixes a bug but doesn't add any new functionality and doesn't change
the API.feat:
if it adds new functionality but maintains backwards compatibility.BREAKING CHANGE:
as a footer in your commit body, or add !
to the commit subject, if the change breaks
compatibility with existing code.chore:
, docs:
, etc., are allowed but will not change the version or cause a new release.
These should only be used for changes that do not affect functionality.For more examples, see the conventional commits documentation.
This will increase the z
in Version x.y.z
.
fix: fix typo in the sandwich-making instructions
This will increase the y
in Version x.y.z
and reset z
to 0.
feat: add support for halloumi cheese
Either of these will increase the x
in Version x.y.z
and reset y
and z
to 0.
fix: refine our definition of a sandwich
BREAKING CHANGE: support for hot dogs has been removed as we no longer consider them sandwiches
fix!: remove support for hot dogs as we no longer consider them sandwiches
You can use the commitizen CLI to make commits formatted in this way:
npm install -g commitizen@latest cz-conventional-changelog@latest
Now you're ready to make commits using git cz
.
FAQs
Localization for the Scratch 3.0 components
We found that scratch-l10n demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.