
Research
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.
starter-kit-starter
Simple utility for creating flexible starter kits.
    declare function starterKitStarter({
      outputDirectory: string,
      kitDirectory: string, // some magic in here!
      prompt: Promise<PromptResult>,
      finalizeKit: (FilepathsContentsMap, PromptResult) => FilepathsContentsMap
    }): Promise<void>;
create-starter-kit-starter-example uses starter-kit-starter to create files. See the example repo, and experiment with:

    yarn create starter-kit-starter-example my-app

    #!/usr/bin/env node
    const starterKitStarter = require("starter-kit-starter");
    const { prompt } = require("enquirer");
    const path = require("path");

    // First positional CLI argument is the directory to create.
    const {
      _: [outputDirectory]
    } = require("minimist")(process.argv.slice(2));

    starterKitStarter({
      // Promise that resolves to the user's answers.
      prompt: prompt([
        {
          type: "input",
          name: "projectName",
          message: "What is the project name?",
          default: outputDirectory
        }
      ]),
      // Return the file map unchanged.
      finalizeKit: (kit, answers) => kit,
      kitDirectory: path.resolve(__dirname, "kit"),
      outputDirectory: path.resolve(process.cwd(), outputDirectory),
      // Files ending in this extension are called as functions.
      dynamicExtension: ".kit"
    });

Organize your starter kit code in a kit directory. A file that ends in a single extension is copied as-is. A file that ends in .extension.dynamicExtension (for example .js.kit) is called as a function with the result of your prompt, and you return a string. This allows for an organized, copy-paste-like structure for some files, and lets you build other files dynamically based on options (rather than using an invented template syntax).

    my-project/
      ./a-1.js // direct copy paste
      ./a-2.js.kit // called as a function
      ./b-1.php
      ./b-2.php.kit
      ./c.css.kit
      ./foo
        ./bar.js.kit
        ./baz.js
      ./package.json.kit

Before we write files to disk, we call a finalize function with the full map of your kit files, { './a-1.js': 'contents' }, and the prompt options.
This gives you a final chance to leave files out or change file names based on the prompt options. The map you return is written to disk.
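
The finalize function is the last point at which file names can be checked before anything is written. The following added example (not code from the starter-kit-starter project) filters the map by prompt options and rejects any key that would resolve outside the output directory; the `__name__` file-name placeholder and the `includePhp` answer are assumptions made for illustration.

```javascript
// Normalizes a map key such as "./foo/baz.js". Returns null when the key is
// absolute or uses ".." to climb above the directory being written.
function safeRelative(key) {
  if (/^([\/\\]|[A-Za-z]:)/.test(key)) return null; // POSIX or Windows absolute
  const parts = [];
  for (const segment of key.split(/[\/\\]+/)) {
    if (segment === "" || segment === ".") continue;
    if (segment === "..") {
      if (parts.length === 0) return null; // would leave the root
      parts.pop();
    } else {
      parts.push(segment);
    }
  }
  return parts.length > 0 ? "./" + parts.join("/") : null;
}

// Hypothetical finalizeKit: "__name__" in a file name is an assumed placeholder
// convention, and includePhp is an assumed prompt answer.
function finalizeKit(kit, answers) {
  const finalized = {};
  for (const [key, contents] of Object.entries(kit)) {
    if (!answers.includePhp && key.endsWith(".php")) continue; // opted-out files
    // The project name is user input, so validate the path after substitution.
    const renamed = key.split("__name__").join(answers.projectName);
    const safe = safeRelative(renamed);
    if (safe === null) {
      throw new Error(`refusing to write outside the output directory: ${renamed}`);
    }
    finalized[safe] = contents;
  }
  return finalized;
}

// Constructed sample in the { './a-1.js': 'contents' } shape described above.
const sampleKit = {
  "./a-1.js": "console.log('a');",
  "./b-1.php": "<?php echo 'b';",
  "./foo/__name__.config.js": "module.exports = {};",
};
```

Pass `finalizeKit` as the `finalizeKit` option; a project name such as `../../x` then fails the run instead of producing a path above the output directory.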
FAQs
We found that starter-kit-starter demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.