== Mattock
=== A powerful companion to Rake
The goal for Mattock is to be able to build configurable, composable tasklibs for Rake quickly, and get validation that they're working properly.
Throughout, the goal has been to lean hard on straight up Ruby, with as little metaprogrammatic DSL nonsense as I could get away with.
In fact, basically the only DSL stuff in Mattock are settings for Tasklibs. The gory details are in {Mattock::Configurable}. Inheritable, defaultable, verifying, copyable settings. Nothing you haven't seen done before.
=== Tasklibs
The upshot of Mattock is being able to build Rake Tasklibs so that you can do things like:

  tk = Toolkit.new do |tk|
    tk.file_lists.project = [__FILE__]
  end

  tk.in_namespace do
    vc = Git.new(tk) do |vc|
      vc.branch = "master"
    end
    task tk.finished_files.build => vc["is_checked_in"]
  end

Things of note there: the "Git" tasklib takes the Toolkit tasklib as an argument. Git can pull out settings from Toolkit. (Conversely, that means as these tasklibs are designed, common settings can be pulled up into parent tasklibs.) Libs with related concerns can get hooked together and still remain loosely coupled.
Also note that Toolkit has a nested setting - settings can be arranged in namespaces, however that makes sense.
{Mattock::TaskLib} also codifies the typical pattern with Rake tasklibs: set up default configuration, yield self, confirm configs, define tasks. Configuration is held in "settings," which means defaults are easier to track, complex configs can be resolved after setup, and required values are automatically confirmed.
A nice side effect is that "misconfiguration" - i.e. assigning a value to the wrong name - gets caught really quickly, which you come to appreciate in complex Rakefiles.
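The lifecycle described above (set up defaults, yield self, confirm configs, define tasks), as an added plain-Ruby sketch. It is not Mattock's code and does not use its API; SketchTaskLib, SketchToolkit, SketchGit and their settings are hypothetical names chosen for illustration.

```ruby
class SketchTaskLib
  REQUIRED = Object.new.freeze # sentinel: no default, value must be assigned

  # Settings are inheritable: a subclass starts from a copy of its parent's table.
  def self.settings
    @settings ||= superclass.respond_to?(:settings) ? superclass.settings.dup : {}
  end

  # Declare a setting; leaving out the default makes it required.
  def self.setting(name, default = REQUIRED)
    settings[name] = default
    attr_accessor name
  end

  attr_reader :tasks

  def initialize(parent = nil)
    @tasks = []
    # 1. Set up default configuration.
    self.class.settings.each { |name, default| public_send("#{name}=", default) }
    # Pull same-named settings out of the tasklib passed as an argument.
    shared = parent ? (self.class.settings.keys & parent.class.settings.keys) : []
    shared.each { |name| public_send("#{name}=", parent.public_send(name)) }
    yield self if block_given? # 2. Yield self; a misspelled setter raises NoMethodError here.
    confirm_configuration      # 3. Confirm configs.
    define                     # 4. Define tasks.
  end

  def confirm_configuration
    unset = self.class.settings.keys.select { |n| public_send(n).equal?(REQUIRED) }
    return if unset.empty?
    raise ArgumentError, "#{self.class}: required settings unset: #{unset.join(', ')}"
  end

  def define; end
end

class SketchToolkit < SketchTaskLib
  setting :project_root, "."
end

class SketchGit < SketchTaskLib
  setting :project_root # required; normally copied from the parent tasklib
  setting :branch       # required; no default

  def define
    tasks << "is_checked_in[#{project_root}@#{branch}]"
  end
end
```

Because settings are declared accessors rather than keys in an open hash, both a forgotten required value and a value assigned to the wrong name fail at construction time, before any task runs.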
=== Tasks
{Mattock::Task} defines subclasses of Rake tasks - they can do all the configuration that Mattock::TaskLib can, but they're just tasks. Crucially, details about whether they're needed can be overridden. Occasionally handy.
FAQs
We found that mattock demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.