
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
yapi-plugin-auto-test
Advanced tools
在分组的项目导航栏中加入自动化测试标签,支持直接在项目中设置服务端测试计划。
第一步:在config.json 这层目录下运行 yapi plugin --name yapi-plugin-auto-test 安装插件
第二步: 重启服务器
用户可以自定义多个测试计划,根据对应的设置项进行测试计划的设置。
时间轴风格的测试结果列表,支持直接查看历史测试结果。注意:测试结果页面的清空会直接清空当前计划的历史测试结果,谨慎操作。
通过yapi-cli更新插件还是比较麻烦的,直接再执行一次命令并不会更新。因为yapi-cli安装插件实际上就是在vendors目录下执行npm install --registry https://registry.npm.taobao.org yapi-plugin-auto-test,所以最后会在package.json文件中记录下开始安装的版本号,再次执行安装的还是同一个版本。
执行如下操作可以进行更新:
./vendors/node_modules/.ykit_cache文件夹yapi-plugin-auto-test的版本或者直接npm i yapi-plugin-auto-test@version./vendors/目录中执行命令NODE_ENV=production ykit pack -m,再重启服务器就完成安装指定版本的插件FAQs
YAPI自动化测试插件,支持在YAPI设置测试计划,查看历史测试结果,自定义通知。
The npm package yapi-plugin-auto-test receives a total of 7 weekly downloads. As such, yapi-plugin-auto-test popularity was classified as not popular.
We found that yapi-plugin-auto-test demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.