
update-them-all
update-them-all is a convenient command-line tool and npm package designed to help you easily update all your npm dependencies, including Angular CLI and Angular Core, in your project. The package automatically stages and commits changes for each updated package or group of packages, providing a clean commit history and making it simple to track updates.
To use update-them-all as a command-line tool, simply run the following command in your project directory:
npm install update-them-all --save-dev
npx update-them-all
Alternatively, you can install the package globally and run the command:
npm install -g update-them-all
update-them-all
The application provides an option for custom configuration settings to better suit your project requirements. You can achieve this by creating a configuration file named update-config.json at the root directory of your project.
{
"keepAngularMajorVersion": true,
"removeVersioningSymbols": false,
"ignoreDependencies": [],
"ignoreDevDependencies": [],
"autoCommitDuringUpdate": false
}
keepAngularMajorVersion: When set to true, the application will maintain the major version of Angular in your project. It will still update minor and patch versions. By default, this is set to true.
removeVersioningSymbols: If this is set to true, the application will remove any symbols (like ^ and ~) that indicate a version range in your package.json file. This means that npm will install the exact version specified, rather than the latest version that matches the specified range. The default value is false.
ignoreDependencies: This is an array that you can use to list specific dependencies that you don't want the application to update. By default, this array is empty, meaning the application will attempt to update all dependencies.
ignoreDevDependencies: This is an array that you can use to list specific devDependencies that you don't want the application to update. By default, this array is empty, meaning the application will attempt to update all devDependencies.
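The options above, worked through as an added example (not code from update-them-all): it computes what the dependency sections of package.json would hold after an update, so the effect of exact pinning, the ignore lists and the Angular major-version hold can be checked side by side. The function names, the sample package.json and the version lists are constructed, and the handling of ignored entries and of what counts as an Angular package are assumptions.

```javascript
// Added illustration, not the update-them-all source. Assumptions: plain x.y.z
// versions, "Angular" means @angular/* packages, ignored entries stay untouched.
const DEFAULTS = { keepAngularMajorVersion: true, removeVersioningSymbols: false,
  ignoreDependencies: [], ignoreDevDependencies: [] };

const bare = (range) => range.replace(/^[\^~]/, "");      // drop a leading ^ or ~
const nums = (v) => bare(v).split(".").map(Number);
const newer = (a, b) => {                                  // true when a > b
  const [x, y] = [nums(a), nums(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] > y[i];
  return false;
};

function planSection(deps, ignored, available, cfg) {
  const planned = {};
  for (const [name, range] of Object.entries(deps || {})) {
    if (ignored.includes(name)) { planned[name] = range; continue; }
    const symbol = cfg.removeVersioningSymbols
      ? "" : range.slice(0, range.length - bare(range).length);
    let candidates = available[name] || [];
    if (cfg.keepAngularMajorVersion && name.startsWith("@angular/")) {
      candidates = candidates.filter((v) => nums(v)[0] === nums(range)[0]);
    }
    const target = candidates.reduce((best, v) => (newer(v, best) ? v : best), bare(range));
    planned[name] = symbol + target;
  }
  return planned;
}

// Returns the dependency sections package.json would hold after the update.
function planUpdate(pkg, userConfig, available) {
  const cfg = { ...DEFAULTS, ...userConfig };
  return {
    dependencies: planSection(pkg.dependencies, cfg.ignoreDependencies, available, cfg),
    devDependencies: planSection(pkg.devDependencies, cfg.ignoreDevDependencies, available, cfg),
  };
}

// Constructed sample input: a package.json fragment and constructed version lists.
const samplePkg = {
  dependencies: { "@angular/core": "^16.1.0", rxjs: "~7.5.0", lodash: "^4.17.20" },
  devDependencies: { "@angular/cli": "^16.1.0", typescript: "~5.0.2" },
};
const sampleAvailable = {
  "@angular/core": ["16.2.12", "17.0.3"], "@angular/cli": ["16.2.10", "17.0.1"],
  rxjs: ["7.8.1"], lodash: ["4.17.21"], typescript: ["5.2.2"],
};
console.log(planUpdate(samplePkg, { removeVersioningSymbols: true,
  ignoreDependencies: ["lodash"] }, sampleAvailable));
```

With removeVersioningSymbols left at false, the same run keeps the ^ and ~ prefixes, so a later install can still resolve to a newer release than the one that was reviewed.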
Create a new branch like "update date[xy]" and then run the script
npx update-them-all
The branch must be clean
The first step is an update of Angular
ng update @angular/cli @angular/core
Then it tries to update all dependencies and devDependencies in a single command with
ng update [x] [y] [z] [...]
If the step does not work, then ng update is performed per dependency.
The last step is
npm audit fix
Between each step a git commit is made, because "ng update" needs a clean branch. With update-them-all, you can keep your npm dependencies up-to-date in a streamlined, organized, and efficient manner.
FAQs
A package to update Angular, dependencies, and devDependencies
The npm package update-them-all receives a total of 2 weekly downloads. As such, update-them-all popularity was classified as not popular.
We found that update-them-all demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.