Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
sprucebot-cli
Advanced tools
Hey, I'm Sprucebot! This CLI was designed to give you the tools you need to begin building skills to help brick-and-mortar businesses thrive in the Internet age.
Our goal is to connect people, not replace them. So make sure your skill promotes human-to-human connection.
First there were desktop applications, then mobile apps, now we are entering the Decade of the Skill
! 💥💥💥
They are the next step in App Evolution
. They are interface agnostic. They react to real world events.
Beyond reacting JUST voice commands (Alexa -COMING SOON-, Google Home -COMING SOON-, HomePod -COMING SOON-). I can chat through pretty much any interface (sms, Facebook Messenger -COMING SOON-, etc.), I know when teammates arrive at work, when guests arrive at local businesses, when business owners ask to borrow a ladder from a neighbor -COMING SOON-, when guests message a business, EVEN WHEN SOMEONE BOOKS A HAIRCUT -COMING SOON-!! 💇
But, to be clear; I take privacy very seriously and as a Skills Developer, I'm not gonna share much with you. Seriously, all you'll get is the guest's first name and a link to their profile photo in a few sizes. Oh, and you can only access data your skill collects. All data shared between skills is done through the emitting of events.
Anyway, what was I saying before things got all serious?
It's the ultimate social network, and with your skills giving me the power to facilitate amazing experiences, brick-and-mortar, ma and pa shops will live long into the future. 🌲🤖
yarn global add sprucebot-cli
This is where the magic happens!
sprucebot skill create
prod
alpha
locations, eg Spruce, email scientists@sprucelabs.ai
stage
... you guessed itsprucebot skill register
remote
sprucebot skill unregister
-COMING SOON-
sprucebot skill listen [event-name]
-COMING SOON-
-
"./events/event-name.js
vip:will-send
./events/vip/will-send.js
sprucebot skill ignore [event-name]
-COMING SOON-
./events/did-enter.js
-> ./events/disabled/did-enter.js
sprucebot skill [get|post|patch|delete] "[route/path]"
-COMING SOON-
sprucebot skill page /path
-COMING SOON-
/guest/profiles/:profileId/bookings/:bookingId
generates /pages/guest/profiles/bookings.js
Auth n' such. Requires you to have an account at your chosen remote
(probably hello.sprucebot.com).
sprucebot user login
sprucebot user logout
-COMING SOON-*
When your skill needs to respond to different events (enter, leave), you need to simulate them locally.
cd my-skill-dir #Run the simulator in your skill
sprucebot simulator start
Once the simulator is running, you can press different keys to simulate events. You'll see when you get there.
This section is only relevant if you've been given permission to work directly on my core systems.
sprucebot platform install [path]
path
defaults to ./sprucebot
-p --platform
to select web
, api
, or defaults all
--s --select-version
to checkout specific versions once cloned-b --branch
the branch to checkout, defaults to dev
com-sprucebot-api
com-sprucebot-web
sprucebot-dev-services
sudo sprucebot platform development
local.sprucebot.com
, local-api.sprucebot.com
, and local-devtools.sprucebot.com
to hosts
sprucebot platform start [key]
key
can be all
, web
, api
, relay
all
sudo sprucebot platform logs [key]
key
can be all
, web
, api
, relay
all
sprucebot platform version
FAQs
A command-line tool for Sprucebot 🌲🤖 (retail.bot).
The npm package sprucebot-cli receives a total of 4 weekly downloads. As such, sprucebot-cli popularity was classified as not popular.
We found that sprucebot-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.