Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
This is a command line tool to help build, run, and test WebExtensions.
Ultimately, it aims to support browser extensions in a standard, portable, cross-platform way. Initially, it will provide a streamlined experience for developing Firefox Extensions.
Here are the commands you can run. Click on each one for detailed documentation or use --help
on the command line, such as web-ext build --help
.
run
lint
sign
build
docs
web-ext
documentation in a browserFirst, make sure you are running the current LTS (long term support) version of NodeJS.
You can install this command onto your machine globally with:
npm install --global web-ext
Alternatively, you can install this command as one of the
devDependencies
of your project. This method can help you control the version of web-ext
as used by your team.
npm install --save-dev web-ext
Next you can use the web-ext
command in your project as an
npm script.
Here is an example where the --source-dir
argument specifies where to find
the source code for your extension.
package.json
"scripts": {
"start:firefox": "web-ext run --source-dir ./extension-dist/",
}
You can always pass in additional commands to your npm scripts using
the --
suffix. For example, the previous script could specify the Firefox
version on the command line with this:
npm run start:firefox -- --firefox=nightly
You'll need:
Optionally, you may like:
If you had already installed web-ext
from npm,
you may need to uninstall it first:
npm uninstall --global web-ext
Change into the source and install all dependencies:
git clone https://github.com/mozilla/web-ext.git
cd web-ext
npm install
Build the command:
npm run build
Link it to your node installation:
npm link
You can now run it from any directory:
web-ext --help
To get updates, just pull changes and rebuild the executable. You don't need to relink it.
cd /path/to/web-ext
git pull
npm run build
Aside from using web-ext on the command line, you may wish to execute web-ext
in NodeJS code. There is limited support for this. Here are some examples.
You are able to execute command functions without any argument validation. If you want to execute web-ext run
you would do so like this:
// const webExt = require('web-ext').default;
// or...
import webExt from 'web-ext';
webExt.cmd.run({
// These are command options derived from their CLI conterpart.
// In this example, --source-dir is specified as sourceDir.
firefox: '/path/to/Firefox-executable',
sourceDir: '/path/to/your/extension/source/',
}, {
// These are non CLI related options for each function.
// You need to specify this one so that your NodeJS application
// can continue running after web-ext is finished.
shouldExitProgram: false,
})
.then((extensionRunner) => {
// The command has finished. Each command resolves its
// promise with a different value.
console.log(extensionRunner);
// You can do a few things like:
// extensionRunner.reloadAllExtensions();
// extensionRunner.exit();
});
If you would like to control logging, you can access the logger object. Here is an example of turning on verbose logging:
webExt.util.logger.consoleStream.makeVerbose();
webExt.cmd.run({sourceDir: './src'}, {shouldExitProgram: false});
You can also disable the use of standard input:
webExt.cmd.run({noInput: true}, {shouldExitProgram: false});
web-ext
is designed for WebExtensions but you can try disabling manifest validation to work with legacy extensions. This is not officially supported.
webExt.cmd.run(
{sourceDir: './src'},
{
getValidatedManifest: () => ({
name: 'some-fake-name',
version: '1.0.0',
}),
shouldExitProgram: false,
},
);
Yes! The web-ext tool enables you to build and ship extensions for Firefox. This platform stabilized in Firefox 48 which was released in April of 2016.
Hi! This tool is under active development. To get involved you can watch the repo, file issues, create pull requests, or ask a question on dev-addons. Read the contributing section for how to develop new features.
This is a great question and one that we will ask ourselves for each new web-ext feature. Most WebExtension functionality is baked into the browsers themselves but a complimentary command line tool will still be helpful. Here is a partial list of examples:
First, note that jpm is still actively maintained by Mozilla right now. We decided not to patch jpm for WebExtensions support (See jpm issue 445, discussion).
Mozilla built cfx then deprecated it for jpm and now we're proposing a new tool. I know this is frustrating for developers, but WebExtensions mark a major turning point. It would be an arduous task to wedge its feature set and simplified development process into jpm.
Pros of creating a new tool:
Cons of creating a new tool:
FAQs
A command line tool to help build, run, and test web extensions
The npm package web-ext receives a total of 39,381 weekly downloads. As such, web-ext popularity was classified as popular.
We found that web-ext demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.