
Security Fundamentals
Turtles, Clams, and Cyber Threat Actors: Shell Usage
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
提醒:请使用 tnpm 安装,新版本并不会发布到 npm 中。
校验 .we
文件或者 JS Bundle 是否符合规范。
安装:
tnpm install @ali/weex-lint -g
使用 cli:
weex-lint example.we
在 node.js 程序中使用:
var weexLint = require('weex-lint')
weexLint('filePath_or_URL')
.then(function(result) {
// 输出校验报告的函数
result.reporter(result.record)
// 获取结果报告的 JSON 字符串
result.toJSON()
})
详细的使用方法请参考:《Use it in node.js》
.we
格式的 weex 组件文件。# 校验本地 .we 文件
weex-lint src/index.we
# 校验本地打包好的 js bundle
weex-lint dist/index.js
# 校验远端 .we 原文件
weex-lint https://x.com/src/demo.we
# 校验远端压缩后的 js bundle
weex-lint http://x.com/dist/demo.min.js
FAQs
Diagnose weex file
The npm package weex-lint receives a total of 2 weekly downloads. As such, weex-lint popularity was classified as not popular.
We found that weex-lint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.