npm-lint
HomeBrew
npm-lint | HomeBrew | |
---|---|---|
4 | 1,281 | |
26 | 39,456 | |
- | 1.0% | |
0.0 | 10.0 | |
about 4 years ago | 1 day ago | |
TypeScript | Ruby | |
MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
npm-lint
-
JavaScript registry NPM vulnerable to 'manifest confusion' abuse
That postinstall and other scripts have been a problem for a long time - the PoC for example could be installed via npx, which would then run postinstall which executes another script to steal /etc/password data.
This is not a new problem, you just have another vector.
I came up with a free linter package to try solve it - but no one seemed interested, and here we are 7 later talking about where people are now offering paid services to mitigate it.
https://github.com/tanepiper/npm-lint
-
Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
Also ended up writing a similar tool but didn't take it much further.
-
npm package to upload your private ssh keys to a pastebin
I did try come up with a npm linter but never really completed it.
-
Getting rid of NPM scripts
A while back I wrote a opt-in tool called npl-lint[1] that would allow some CI-level enforcement of rules in package.json although I didn't go too far with it - one thing was to check the scripts section and allow whitelisted apps, or whitelisted sources for dependencies.
It came about because I ended up having a spat with one of the NPM engineers at the time because they launched npx with the ability to run arbitrary gists[2] and this was before 2FA (FWIW you can still absolutely do this with npx).
I wrote a proof of concept[3] that showed you could, inside a package.json add a command to install another package from a gist location, and then use that to steal credentials, bash history, etc.
[1] https://github.com/tanepiper/npm-lint
HomeBrew
-
Top Homebrew Alternative: ServBay Becomes the Go-To for Developers
Homebrew is a highly popular package manager on macOS and Linux systems, enabling users to easily install, update, and uninstall command-line tools and applications. Its design philosophy focuses on simplifying the software installation process on macOS, eliminating the need for manual downloads and compilations of software packages.
-
Software Engineering Workflow
Homebrew - package manager for linux-based OSs.
-
Simulate your first Lightning transaction on the Bitcoin regtest network Part 1 (MacOS)
Package Manager: Homebrew
-
Tools for Linux Distro Hoppers
Hopping from one distro to another with a different package manager might require some time to adapt. Using a package manager that can be installed on most distro is one way to help you get to work faster. Flatpak is one of them; other alternative are Snap, Nix or Homebrew. Flatpak is a good starter, and if you have a bunch of free time, I suggest trying Nix.
-
SQLite Schema Diagram Generator
Are you using SQLite that ships with macOS, or SQLite installed from homebrew?
I had a different problem in the past with the SQLite that ships with macOS, and have been using SQLite from homebrew since.
So if it’s the one that comes with macOS that gives you this problem that you are having, try using SQLite from homebrew instead.
https://brew.sh/
-
How to install (Ubuntu 22.10 VM) vagrant on Mac M1 ship using QEMU
Before we begin, make sure you have Homebrew installed on your Mac. Homebrew is a package manager that makes it easy to install software and dependencies. You can install Homebrew by following the instructions on their website: https://brew.sh/
-
Perfect Elixir: Environment Setup
I’m on MacOS and erlang.org, elixir-lang.org, and postgresql.org all suggest installation via Homebrew, which is a very popular package manager for MacOS.
-
You're Installing Node.js Wrong. That's OK, Here Is How To Fix It 🙌
I have always either installed Node from the installer provided by the Nodejs website or, via Brew in macOS. I have also used nvm in the past but did not know that there was a best practice to guide us.
-
Test Driving a Rails API - Part One
A running Rails application needs a database to connect to. You may already have your database of choice installed, but if not, I recommend PostgreSQL, or Postgres for short. On a Mac, probably the easiest way to install it is with Posrgres.app. Another option, the one I prefer, is to use Homebrew. With Homebrew installed, this command will install PostgreSQL version 16 along with libpq:
-
Effective Neovim Setup. A Beginner’s Guide
On a macOS machine, you can use homebrew by running the command.
What are some alternatives?
ultra-runner - 🏃⛰ Ultra fast monorepo script runner and build tool
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
pnpm - Fast, disk space efficient package manager
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
steal-ur-stuff - Steal Ur Stuff
Visual Studio Code - Visual Studio Code
actual-malware - Useful library dependency
winget-cli - WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
osxfuse - FUSE extends macOS by adding support for user space file systems
Chocolatey - Chocolatey - the package manager for Windows
Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
ohmyzsh - 🙃 A delightful community-driven (with 2,300+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python, etc), 140+ themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.