veritone-developer-cli
A CLI for interacting with Veritone developer APIs and publishing apps
⚠️ WARNING: This is under active development and not yet considered stable for production use!
veritone-developer-cli is a command line interface (CLI) for deploying aiWARE applications to an aiWARE instance directly from their source code.
The tool analyzes a specially-formatted manifest.yaml file in the base of a project directory, looks at the difference between the configuration specified there and the live deployment of the application in aiWARE, and calls the aiWARE API to make changes to bring the deployed version of the application in line with the manifest file.
⚠️ WARNING: This means it will CHANGE THINGS IN YOUR ACCOUNT! USE WITH CAUTION!
Install npx
In the root directory for your application, create a manifest.yaml that looks like test/manifest.yaml.
Retrieve an aiWARE token somehow (probably by logging in and pulling it out of your cookies)
Run this to create your application in the production environment:
veritone-developer-cli deploy
Or for deploying to another environment, you can override the API URL with -u.
veritone-developer-cli deploy -e "<the URL for your environment (e.g. uk.veritone.com)>"
For full usage information, run veritone-developer-cli --help
The script works against a manifest file, which can be written in either .yaml or .json.
You can optionally specify the path to the manifest file as the argument to the deploy command.
veritone-developer-cli deploy my-manifest.yaml
If you don't specify one, the script will look in the current directory for manifest.yaml or manifest.json (prefers yaml).
TODO: Need to document the format of the actual contents. For now, just look at test/manifest.yaml and copy it.
For now, there's just one command: deploy.
And running npx veritone-developer-cli or ../bin/veritone-developer or ../bin/veritone-developer deploy all do the same thing for the moment.
To help protect secrets and ease integration into build systems, some command line arguments can also be provided via environment variables. The command line arguments take precedence over environment variables if both are present.
Token | Equivalent Flag |
---|---|
VERI_ENVIRONMENT | --environment |
VERI_PASSWORD | --password |
VERI_TOKEN | --token |
VERI_USERNAME | --username |
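The precedence rule above, as an added example that is not taken from the veritone-developer-cli source: it resolves the four documented options from long flags and VERI_* variables, flags a secret that was passed on the command line (where it is visible in process listings and shell history), and builds a redacted view for logging. The function names, the warning text and the sample values are assumptions made for this sketch.

```javascript
// Documented mapping from long flag name to environment variable.
const ENV_FOR_FLAG = new Map([
  ['environment', 'VERI_ENVIRONMENT'],
  ['password', 'VERI_PASSWORD'],
  ['token', 'VERI_TOKEN'],
  ['username', 'VERI_USERNAME'],
]);
const SECRET_FLAGS = new Set(['password', 'token']);

// Parse "--flag value" and "--flag=value" for the known long flags only.
function parseFlags(argv) {
  const flags = new Map();
  for (let i = 0; i < argv.length; i++) {
    const m = /^--([a-z]+)(?:=(.*))?$/.exec(argv[i]);
    if (!m || !ENV_FOR_FLAG.has(m[1])) continue;
    if (m[2] !== undefined) flags.set(m[1], m[2]);
    else if (i + 1 < argv.length) flags.set(m[1], argv[++i]);
  }
  return flags;
}

// Command line flags win; the environment variable is only a fallback.
function resolveOptions(argv, env) {
  const flags = parseFlags(argv);
  const options = {};
  const warnings = [];
  for (const [flag, envName] of ENV_FOR_FLAG) {
    if (flags.has(flag)) {
      options[flag] = { value: flags.get(flag), source: 'flag' };
      if (SECRET_FLAGS.has(flag)) {
        warnings.push(`--${flag} was passed on the command line; prefer ${envName}`);
      }
    } else if (env[envName] !== undefined && env[envName] !== '') {
      options[flag] = { value: env[envName], source: 'env' };
    }
  }
  return { options, warnings };
}

// Safe-to-log view: secret values are replaced, never printed.
function redacted(options) {
  return Object.fromEntries(Object.entries(options).map(([name, o]) =>
    [name, { source: o.source, value: SECRET_FLAGS.has(name) ? '<redacted>' : o.value }]));
}

// Constructed sample: token from the environment, environment overridden by a flag.
const sample = resolveOptions(
  ['deploy', '--environment', 'uk.veritone.com'],
  { VERI_TOKEN: 'constructed-token', VERI_ENVIRONMENT: 'ignored.example' });
console.log(redacted(sample.options), sample.warnings);
```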
Dependencies:
yarn
yarn link # to mimic a global install so you can use it easily on the command line in other projects
Running the following should successfully register a full-featured application.
⚠️ WARNING: This DOES make changes in your account. Use with caution!
cd test
VERI_TOKEN="<your token>" ../bin/veritone-developer # or just veritone-developer if you yarn link'd above
Running it again should ideally make no changes.
git checkout master
git pull
yarn publish # and answer prompts. This will add a commit and tag to your branch.
git push
Feel as magical as now.
Allow developers to do everything Veritone Developer provides without ever having to touch the UI.
Our sketches for the manifest can be seen in our CodeSandbox. See @SteveShaffer for access if you don't have it.
Following Twilio's guide on how to build a node CLI. But using yargs instead of arg.
majorVersion
number in the manifest, it should be able to push updates to the new major version though..aiware.json
tf plan
)/deploy
and use yargs
.commandDir
We'd like to be intentional about the dependencies we bring in. There's always lots of technologies to pick from on these projects.
Here's what we'd like to explore using for various things. If there's a better alternative, we might change our minds, but here's where our minds are at right now.
yargs for parsing CLI args
pkg for bundling a binary
listr for progress meters
chalk for colored STDOUT
inquirer for interactive inputs
Should have a command line synonym shorter than veritone-developer
Should be able to run via npx
npx veritone-developer-cli deploy
Should be able to run as a standalone binary
curl https://scripts.veritone.com/veritone-developer | bash
FAQs
The npm package veritone-developer-cli receives a total of 3 weekly downloads. As such, veritone-developer-cli popularity was classified as not popular.
We found that veritone-developer-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.