Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Write in Notion. Publish with Hugo.
Use Notion as a CMS (Content Management System) for your Hugo site/blog.
hugo-notion
is a command line (CLI) tool that syncs your Notion page url to your Hugo site's/blog's content
directory.
hugo-notion
is a Ruby gem. Use the gem
command to install it
gem install hugo-notion --prerelease
Installing the hugo-notion
ruby gem will install the huno
command
First, create a Notion integration, generate a secret and connect that integration to the Notion page https://developers.notion.com/docs/create-a-notion-integration#getting-started
Go to your Hugo site directory and run
NOTION_TOKEN=your_notion_secret huno your_notion_page_url
huno
will sync your Notion page and its children pages to the content
directory.
If you're yet to move your Hugo pages to Notion, you can use my "blog_content" Notion page as a template https://www.notion.so/blog_content-0f1b55769779411a95df1ee9b4b070c9
To avoid having to provide the notion token and notion page url again and again, create an .env file
echo 'NOTION_TOKEN=your_notion_secret' > .env
echo 'CONTENT_NOTION_URL=your_notion_page_url >> .env'
To run huno
say, every 15 seconds, use the watch
command
watch -n15 huno
If you're on MacOS and don't have the watch
command installed, you can use Homebrew to install it
brew install watch
If you'd like to report a bug (if there are any, please do), please create a GitHub issue
FAQs
Unknown package
We found that hugo-notion demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.