
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
typescript-library-template-example
Advanced tools
Template for new libraries based on Typescript with the Best Practices and Ready for Production
Starting a new library for NodeJS can be a bit frustrating, there are a lot of things to consider if we want to have a really good starting point where later we can iterate.
The main objective of this template is to provide a good base configuration for our NodeJS libraries that we can start using and move to production as soon as possible.
@/src
instead of ../../../src
).main
branch using conventional commits and that's all. Automatically we will:
Are you thinking in start some new service in the NodeJS ecosystem? If you like this template there are others base on this you can check:
The library is fully dockerized 🐳, if we want to start the app in development mode, we just need to run:
docker-compose up -d
This development mode with work with hot-reload and exposing a debug port, the 9229
, so later we can connect from our editor to it.
Now, you should be able to start debugging configuring using your IDE. For example, if you are using vscode, you can create a .vscode/launch.json
file with the following config:
{
"version": "0.1.0",
"configurations": [
{
"type": "node",
"request": "attach",
"name": "Attach to docker",
"restart": true,
"port": 9229,
"remoteRoot": "/app"
}
]
}
When you want to stop developing, you can stop the project running:
docker-compose down
npm run build
If you want to run the tests of the project, you can execute the following command:
npm run test
To run the linter you can execute:
npm run lint
And for trying to fix lint issues automatically, you can run:
npm run lint:fix
FAQs
Template for new typescript libraries
We found that typescript-library-template-example demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.