
sourcebit-transform-assets
A Sourcebit plugin for downloading remote assets
This plugin looks for any assets that have been used in an entry, downloads the asset file to the local filesystem and replaces its URL in the referencing objects so that a local URL is used instead.
🚨 Caveat: The current version of this plugin is only capable of replacing assets when they are referenced from a field that is explicitly marked as containing assets. If an object contains an asset URL as part of a free-form field, like a string or a Markdown field, the remote URL will not be replaced.
To install the plugin and add it to your project, run:
npm install sourcebit-transform-assets --save
💡 You don't need to run this command if you start Sourcebit using the interactive setup process, as the CLI will install the plugin for you and add it as a dependency to your project.
The plugin accepts the following configuration parameters. They can be supplied in any of the following ways:

- options object of the plugin configuration block inside sourcebit.js, with the value of the Property column as a key;
- sourcebit fetch command;
- .env file, with the value of the Env variable column separated by the value with an equals sign (e.g. MY_VARIABLE=my-value);
- sourcebit fetch command, using the value of the Parameter column as the name of the parameter (e.g. sourcebit fetch --my-parameter).

Property | Type | Visibility | Default value | Env variable | Parameter | Description |
---|---|---|---|---|---|---|
assetPath | String/Function | Public | assets | | | A function that determines the full path for each asset detected (see assetPath). |
maximumSearchDepth | Number | Public | 5 | | | When recursively finding asset URLs in nested objects, the plugin will stop at this depth. |
publicUrl | String/Function | Public | /assets | | | A function that determines the public URL for each asset (see publicUrl). |

assetPath

If assetPath is defined as a string, its value will be used as the path for the asset.
If assetPath is a function, it will be invoked for each asset detected with two parameters:

- entry (Object): The entry in which the asset was detected
- asset (Object): The normalized asset object

Its return value will be used as the path for the asset.

publicUrl

If publicUrl is defined as a string, its value will replace the original URL of the asset in any objects.
If publicUrl is a function, it will be invoked for each asset detected with two parameters:

- entry (Object): The entry in which the asset was detected
- asset (Object): The normalized asset object
- assetPath (String): The local path where the asset has been saved

Its return value will replace the original URL of the asset in any objects.

assetPath and publicUrl as strings

    module.exports = {
        plugins: [
            {
                module: require('sourcebit-transform-assets'),
                options: {
                    assetPath: 'assets',
                    publicUrl: '/assets'
                }
            }
        ]
    };

assetPath and publicUrl as functions

    module.exports = {
        plugins: [
            {
                module: require('sourcebit-transform-assets'),
                options: {
                    assetPath: function(entry, asset) {
                        return `my-assets/${entry.someField}-${asset.fileName}`;
                    },
                    publicUrl: function(entry, asset, assetPath) {
                        return `https://something.example.com/public/${assetPath}`;
                    }
                }
            }
        ]
    };
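
The function form of assetPath builds a filesystem path from entry and asset fields, which come from the content source. As an added example (not part of the plugin or its README), a hardened assetPath keeps every downloaded file under one folder; `ASSET_ROOT`, `safeSegment`, `confine` and `safeAssetPath` are hypothetical names, and it assumes the returned path is resolved relative to the project directory.

```javascript
const path = require('path');

// Assumption: paths returned by assetPath are relative to the project
// directory, and every downloaded file should stay under this folder.
const ASSET_ROOT = 'my-assets';

// Reduce an arbitrary field value to one safe file-name segment.
function safeSegment(value) {
    const unified = String(value ?? '').replace(/\\/g, '/');
    const cleaned = path.posix
        .basename(unified)                    // drop any directory part
        .replace(/[^A-Za-z0-9._-]/g, '_')     // allow-list of characters
        .replace(/^\.+/, '');                 // no "..", no dotfiles
    return cleaned || 'unnamed';
}

// Resolve `relative` under `root`; throw if the result leaves `root`.
function confine(root, relative) {
    const base = path.resolve(root);
    const full = path.resolve(base, relative);
    // Comparing against base + separator also rejects sibling folders
    // that merely share the prefix (e.g. "my-assets-other").
    if (!full.startsWith(base + path.sep)) {
        throw new Error(`asset path escapes ${root}: ${relative}`);
    }
    return path.relative(process.cwd(), full).split(path.sep).join('/');
}

// Hypothetical hardened version of the assetPath function shown above.
function safeAssetPath(entry, asset) {
    const name = `${safeSegment(entry.someField)}-${safeSegment(asset.fileName)}`;
    return confine(ASSET_ROOT, name);
}

// Constructed sample inputs (not taken from a real content source).
const SAMPLES = [
    [{ someField: 'post-1' }, { fileName: 'hero image.png' }],
    [{ someField: 'post-2' }, { fileName: '../../outside.txt' }],
    [{ someField: '..' }, { fileName: 'dir\\nested\\logo.svg' }]
];

function resolveSamples() {
    return SAMPLES.map(([entry, asset]) => safeAssetPath(entry, asset));
}

// In sourcebit.js: options: { assetPath: safeAssetPath, publicUrl: '/assets' }
```
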

This plugin offers an interactive setup process via the npx create-sourcebit command. It asks users to choose the assetPath and publicUrl options.

This plugin expects the following data buckets to exist:

- models: An array of content models

This plugin creates files on disk, in locations defined by the assetPath option.

FAQs
A Sourcebit plugin for downloading assets
The npm package sourcebit-transform-assets receives a total of 11 weekly downloads. As such, the popularity of sourcebit-transform-assets was classified as not popular.
We found that sourcebit-transform-assets demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.