Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
truffle-box
Advanced tools
Truffle Box management functionality.
Provides behavior for unboxing a new project from a predefined Truffle Box.
Truffle Boxes are configured via an optional truffle-box.json
file in the
box repo's root directory.
This box configuration file specifies an object containing the following properties:
ignore
A list of relative paths to files that should be removed upon box unpack. Useful to remove box READMEs or other artifacts that pertain to box but not the set-up Truffle project.
Example:
"ignore": [
"README.md",
".gitignore"
]
commands
An object mapping supported behaviors for project to invoked command strings.
truffle unbox
prints commands to screen upon unboxing for documentation
purposes.
Example:
"commands": {
"compile": "truffle compile",
"migrate": "truffle migrate",
"test": "truffle test"
}
hooks
An object to specify commands to run at particular steps in the unbox process. Maps strings identifying individual hooks to command strings.
Example:
"hooks": {
"post-unpack": "npm install"
}
post-unpack
If provided, runs command after box files are fetched and cleaned up for a new project.
Commonly useful to install dependencies, e.g.
FAQs
Truffle project boilerplate utility
We found that truffle-box demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.