Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
underscore-contrib
Advanced tools
The brass buckles on Underscore's utility belt -- a contributors' library for Underscore.
While Underscore provides a bevy of useful tools to support functional programming in JavaScript, it can't (and shouldn't) be everything to everyone. Underscore-contrib is intended as a home for functions that, for various reasons, don't belong in Underscore proper. In particular, it aims to be:
First, you’ll need Underscore. Then you can grab the relevant underscore-contrib libraries and simply add something like the following to your pages:
<script type="text/javascript" src="underscore.js"></script>
<script type="text/javascript" src="underscore.object.builders.js"></script>
At the moment there are no cross-contrib dependencies (i.e. each library can stand by itself), but that may change in the future.
There is still a lot of work to do around perf, documentation, examples, testing and distribution so any help in those areas is welcomed. Pull requests are accepted, but please search the issues before proposing a new sub-contrib or addition. Additionally, all patches and proposals should have strong documentation, motivating cases and tests. It would be nice if we could not only provide useful tools built on Underscore, but also provide an educational experience for why and how one might use them.
Other (potentially) useful sub-contribs include the following:
What do these mean? Well, that’s up for discussion. :-)
FAQs
underscore-contrib ==================
We found that underscore-contrib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.