Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Getting your resume aka an CV (ANSI-v 🤡) straight to your and anyone else's terminals:
Be warned though, for this is kinda useless and just for fun:
Create your resume according to the JSON Resume Schema (see also the schema specification) either:
[resume]
and [json_schema]
):
Resume:[resume]
JSON Resume Schema:[json_schema]
Provide JSON data structure of the resume, formatted according to the JSON Resume Schema
Output json, no yapping
Note: for json_schema
you can just use the example from hereheyho
sample for a possible starting point),Create a public gist named resume.json
with your resume contents.
You're now the proud owner of an ancv. Time to try it out.
The following examples work out-of-the-box.
Replace heyho
with your GitHub username once you're all set up.
curl:
curl -L ancv.io/heyho
with -L
being shorthand for --location
, allowing you to follow the redirect from http://ancv.io
through to https://ancv.io
.
It's shorter than its also perfectly viable alternative:
curl https://ancv.io/heyho
Lastly, you might want to page the output for easiest reading, top-to-bottom:
curl -sL ancv.io/heyho | less
If that garbles the rendered output, try less -r
aka --raw-control-chars
.
wget:
wget -O - --quiet ancv.io/heyho
where -O
is short for --output-document
, used here to redirect to stdout.
PowerShell 7:
(iwr ancv.io/heyho).Content
where iwr
is an alias for Invoke-Webrequest
, returning an object whose Content
we access.
PowerShell 5:
(iwr -UseBasicParsing ancv.io/heyho).Content
where -UseBasicParsing
is only required if you haven't set up Internet Explorer yet (yes, really).
If you have, then it works as PowerShell 7 (where that flag is deprecated and the default anyway).
All configuration is optional.
The CV is constructed as follows:
In summary:
you control:
the template.
Essentially the order of items, indentations, text alignment, position of dates and more. Templates are like layouts/skeletons.
the theme.
This controls colors, italics, boldface, underlining, blinking (yes, really) and more. A couple themes exist but you can easily add your own one.
the language to use.
Pre-set strings like section titles (Education, ...), names of months etc. are governed by translations, of which there are a couple available already. All other text is free-form.
text content like emojis and newlines to control paragraph breaks.
Emojis are user-controlled: if you want them, use them in your resume.json
; in the future, there might be templates with emojis baked in, but you'd have to actively opt into using one.
date formatting, in a limited fashion through a special dec31_as_year
toggle.
If that toggle is true
, dates in the format YYYY-12-31
will be displayed as YYYY
only.
lastly, there's a toggle for ASCII-only output.
It only concerns the template and controls the drawing of boxes and such (e.g., -
versus ─
: only the latter will produce gapless rules).
If you yourself use non-ASCII characters in your texts, use a language containing non-ASCII characters (Spanish, French, ...) or a theme with non-ASCII characters (e.g., a theme might use the •
character to print bullet points), non-ASCII Unicode will still occur.
As such, this toggle currently isn't very powerful, but with some care it does ultimately allow you to be ASCII-only.
If you come up with new templates, themes or translations, a PR would be highly appreciated.
you do not control:
anything about a viewer's terminal!
Any recent terminal will support a baseline of features (e.g., colors), but large parts of the functionalities depend on the font used: proper Unicode support is needed for pretty output (see ascii_only
), and ideally emojis if you're into that (although it's easy to pick an emoji-free template).
Many themes leverage Unicode characters as well.
access to your CV: like the gist itself, it will be publicly available on GitHub.
Configuring ancv
requires going beyond the vanilla JSON Resume schema.
You will need to add an (entirely optional) $.meta.ancv
field to your resume.json
.
The provided schema will be of help here:
an editor capable of providing auto-completion based on it, like Visual Studio Code, will make filling out the additional configuration a breeze.
The schema will further inform you of the default values (used for unspecified fields).
Since everything is optional, a valid JSON resume (without an ancv
section) is valid for ancv
use as well.
Install the package as usual:
pip install ancv
This also allows you to import whatever you could want or need from the package, if anything. Note that it's pretty heavy on the dependencies.
See also the available packages aka images:
docker pull ghcr.io/alexpovel/ancv
Versioned tags (so you can pin a major) are available.
Once installed, you could for example check whether your resume.json
is valid at all (validate
) or get a glimpse at the final product (render
):
# pip route:
$ ancv render resume.json
# container route:
$ docker run -v $(pwd)/resume.json:/app/resume.json ghcr.io/alexpovel/ancv render
Alternatively, you can directly serve your resume from any HTTP URL using he built-in web server:
# pip route:
$ ancv serve web https://raw.githubusercontent.com/alexpovel/ancv/refs/heads/main/ancv/data/showcase.resume.json
# container route:
$ docker run -p 8080:8080 ghcr.io/alexpovel/ancv serve web https://raw.githubusercontent.com/alexpovel/ancv/refs/heads/main/ancv/data/showcase.resume.json
Test it:
curl http://localhost:8080
The web server includes useful features like:
Self-hosting is a first-class citizen here.
The https://ancv.io site is hosted on Google Cloud Run (serverless) and deployed there automatically, such that the latest release you see here is also the code executing in that cloud environment.
That's convenient to get started: simply create a resume.json
gist and you're good to go within minutes.
It can also be used for debugging and playing around; it's a playground of sorts.
You're invited to use this service for as much and as long as you'd like. However, obviously, as an individual I cannot guarantee its availability in perpetuity. You might also feel uncomfortable uploading your CV onto GitHub, since it has to be public for this whole exercise to work. Lastly, you might also be suspicious of me inserting funny business into your CV before serving it out. If this is you, self-hosting is for you.
For simplicity, using Docker Compose (with Docker's recent Compose CLI plugin):
cd self-hosting
resume.json
into the directorydocker compose up
Caddy (chosen here for simplicity) will handle HTTPS automatically for you, but will of course require domain names to be set up correctly to answer ACME challenges.
Handling DNS is up to you; for dynamic DNS, I can recommend qmcgaw/ddns-updater
.
If you self-host in the cloud, the server infrastructure might be taken care of for you by your provider already (as is the case for Google Cloud Run). In these cases, a dedicated proxy is unnecessary and a single Dockerfile might suffice (adjusted to your needs). True serverless is also a possibility and an excellent fit here. For example, one could use Digital Ocean's Functions. If you go that route and succeed, please let me know! (I had given up with how depressingly hard dependency management was, as opposed to tried-and-tested container images.)
The exporter has a couple caveats.
You will probably not be able to paste its result into a gist and have it work out of the box.
It is recommended to paste the export into an editor capable of helping you find errors against the contained $schema
, like VS Code.
Alternatively, a local ancv render your-file.json
will print pydantic
validation errors, which might be helpful in debugging.
For example, the exporter might leave $.basics.url
an empty string, which isn't a valid URI and therefore fails the schema and, by extension, ancv
.
Similarly, endDate
keys might get empty string values.
Remove these entries entirely to stay conformant to the JSON Resume Schema (to which ancv
stays conformant). ↩
FAQs
Renders your (JSON) resume/CV for online & pretty terminal display
We found that ancv demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.