Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
vile
Advanced tools
Readme
vile
is a general purpose code quality tool for any language or
platform that statically analyzes your software project and its dependencies.
Along with its hosted service it provides a highly flexible platform for continuous software analysis that integrates directly into your CI process and development workflow.
The main library requires you at least have Node.js installed.
A simple install and setup:
cd my_project/
npm i vile
npx vile init
npx vile analyze
Please see docs.vile.io for more detailed info.
The core vile
package comes with a general set of plugins that support basic multi-language analysis.
To analyze your code further, such as tracking outdated RubyGems, plugging in your favourite linter, tracking code complexity, or checking for vulnerabilities, you need to install extra plugins first.
vile a
locally to analyze your code and print any issues or datavile a -u
on every build server commit to continuously analyze your codevile a -d -p lint-plugin my/file.ext
to run a plugin on a specific filevile a -d -e -p lint-plugin,security-plugin
to run certain lint checks during a buildAny contributions are welcome and appreciated!
Please see CONTRIBUTING for more info.
This project is licensed under the MPL-2.0 license.
Any contributions made to this project are made under the current license.
This project uses Semver.
For more info on why vile
was created checkout our post on Medium.
FAQs
A code quality tool for any language or platform.
The npm package vile receives a total of 9 weekly downloads. As such, vile popularity was classified as not popular.
We found that vile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.