Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
thinking-sphinx-allen
Advanced tools
h1. Thinking Sphinx
h2. Usage
First, if you haven't done so already, check out the main "usage":http://ts.freelancing-gods.com/usage.html page. Once you've done that, the next place to look for information is the specific method docs - ThinkingSphinx::Search and ThinkingSphinx::Index::Builder in particular.
Keep in mind that while Thinking Sphinx works for ActiveRecord with Merb, it doesn't yet support DataMapper (although that is planned).
h2. Contributing
Fork on GitHub and after you've committed tested patches, send a pull request.
To quickly see if your system is ready to run the thinking sphinx specs, run the contribute.rb script found in the project root directory. Use the following instructions to install any missing requirements.
To get the spec suite running, you will need to install the ginger gem:
sudo gem install ginger --source http://gemcutter.org
Then install the cucumber, yard, jeweler and rspec gems. Make sure you have a git install version 1.6.0.0 or higher, otherwise the jeweler gem won't install. Bluecloth is required for some of the yard documentation.
sudo gem install bluecloth cucumber yard jeweler rspec
Then set up your database:
cp spec/fixtures/database.yml.default spec/fixtures/database.yml && mysqladmin -u root create thinking_sphinx
This last step can be done automatically by the contribute.rb script if all dependencies are met.
Make sure you don't have another Sphinx daemon (searchd) running. If you do, quit it with "rake ts:stop" in the app root.
You should now have a passing test suite from which to build your patch on.
rake spec
If you get the message "Failed to start searchd daemon", run the spec with sudo:
sudo rake spec
If you quit the spec suite before it's completed, you may be left with data in the test database, causing the next run to have failures. Let that run complete and then try again.
h2. Contributors
Since I first released this library, there's been quite a few people who have submitted patches, to my immense gratitude. Others have suggested syntax changes and general improvements. So my thanks to the following people:
FAQs
Unknown package
We found that thinking-sphinx-allen demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.