
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
yapi-plugin-crowd-login
Advanced tools
基于Crowd认证的YAPI登录插件
第一步:在config.json这层目录下运行 yapi plugin --name yapi-plugin-crowd-login安装插件
第二步:配置crowd认证登录config.json,options中的参数都是可选的
{
"name": "crowd-login",
"options": {
"url": "https://example.com/crowd",
"name": "应用name",
"loginBtnText": "登录按钮文字"
}
}
第三步: 添加环境变量
第二步出于安全考虑,配置文件中不支持配置应用的password,需要在环境变量中配置。
// 必须,应用password
export CROWD_PASSWORD=...
// 可选,优先级高于配置文件
export CROWD_URL=...
export CROWD_NAME=...
第三步: 重启服务器
配置后登录页在默认的登录/注册按钮后面会新出现一个Crowd登录。如果配置后登录不成功请确保配置正确后并检查日志中的报错信息。
通过yapi-cli更新插件还是比较麻烦的,直接再执行一次命令并不会更新。因为yapi-cli安装插件实际上就是在vendors目录下执行npm install --registry https://registry.npm.taobao.org yapi-plugin-crowd-login,所以最后会在package.json文件中记录下开始安装的版本号,再次执行安装的还是同一个版本。
执行如下操作可以进行更新:
./vendors/node_modules/.ykit_cache文件夹yapi-plugin-crowd-login的版本或者直接npm i yapi-plugin-crowd-login@version./vendors/目录中执行命令NODE_ENV=production ykit pack -myapi plugin --name yapi-plugin-crowd-login后再重启服务器就完成安装指定版本的插件FAQs
基于Crowd认证的YAPI登录插件
The npm package yapi-plugin-crowd-login receives a total of 2 weekly downloads. As such, yapi-plugin-crowd-login popularity was classified as not popular.
We found that yapi-plugin-crowd-login demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.