steal-ur-stuff
asdf
steal-ur-stuff | asdf | |
---|---|---|
8 | 344 | |
21 | 20,653 | |
- | 2.1% | |
0.0 | 7.6 | |
almost 7 years ago | 9 days ago | |
Shell | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
steal-ur-stuff
-
JavaScript registry NPM vulnerable to 'manifest confusion' abuse
I actually did a POC 7 years ago about this - https://github.com/tanepiper/steal-ur-stuff
It was reported to npm at the time, but they chose to ignore it - https://github.com/npm/npm/issues/17724
-
I wish more developers understood the constant stream of malware that is posted to npm
postinstall malware I reported almost 7 years ago with npm - that it can run any arbitrary script locally or remotely.
-
Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
I should really get around to how I discovered this 6 years ago and still nothing done about it
-
Attackers are hiding malware in minified packages distributed to NPM
Whenever something like this comes up I usually have to tap the sign (and the original report)
-
npm package to upload your private ssh keys to a pastebin
Ahh this old one - I wrote a similar package a while back as a proof of concept that npx is a bad idea 5 years ago - the developer at npm at the time told me it wasn't a problem.
-
A pastebin-like platform where you can easily paste code and import it as a module in our NPM projects
Please don't do this and never make it an actual dependency.
-
Researcher hacks over 35 tech firms by creating public NPM packages
Not only that it can run arbitrary code contained in a Gist and I showed this 4 years ago https://github.com/tanepiper/steal-ur-stuff
-
Getting rid of NPM scripts
[3] https://github.com/tanepiper/steal-ur-stuff
asdf
- Instalando de maneira rápida e eficiente suas ferramentas no WSL. Pt-3
- Install Ruby and Rails on Fedora 40
-
Install Asdf: One Runtime Manager to Rule All Dev Environments
The main issue most people have with asdf is that it’s annoyingly slow. Not unusably so, but just enough that it’s irritating.
I identified [0] the source for much of it (sub-shells and pipes) and began a PR [1], but became bogged down with BATS testing, and then found mise / rtx, so kind of lost interest. Sorry. You can always implement these if you’d like.
[0]: https://github.com/asdf-vm/asdf/issues/290#issuecomment-1383...
[1]: https://github.com/asdf-vm/asdf/pull/1441
- Show HN: I made a multiple runtime version manager that can be used on Windows
-
Volta – Fastest Node version manager in Rust
Or if you need to manage more than just node, asdf has been around for over a decade and works great. You can use a .tool-versions to change runtimes for each project you have, in addition to managing your global runtime versions
https://asdf-vm.com/
-
Pyenv – lets you easily switch between multiple versions of Python
Why not just use a tool like asdf (https://asdf-vm.com/) or mise (https://mise.jdx.dev/)?
These tools have the advantage of not being multi-taskers and can manage version for all your tools. You wouldn’t need pyenv and npm and rvm and…
We’ve even started committing the .mise.toml files for projects to our repos. That way, since we work on multiple projects that may need multiple versions of the same tool, it’s handled and documented.
-
A Journey to Find an Ultimate Development Environment
The purpose of a version manager is to help you navigate or install any tools for development easily. Version Manager can be one tool for each dependency (e.g. NVM, g) or One tool for all dependencies (e.g. asdf, mise).
-
How to Install Your Python Version on Ubuntu
(asdf)[https://asdf-vm.com/] fully supports Python and almost any other language. I've been using it for Ruby, Python, Elixir, and other languages for years and never looked back.
-
Beginners Intro to Trunk Based Development
Secondly, our development environments must not drift, because then code may behave differently and a change could pass on our machine but fail in production. There are many tools for locking down environments, e.g nix, pkgx, asdf, containers, etc., and they all share the common goal of being able to lock down dependencies for an environment accurately and deterministically. And that needs to be enforced in our local workflow so we don't have to rely on CI environments for correctness. All developers must have environments that are effectively identical to what runs in CI (which itself should be representative of the production environment).
-
Practical Guide to Trunk Based Development
There are many ways this can be done (e.g nix, pkgx, asdf, containers, etc.), and we won’t get into which specific tools to use, because we'll instead cover the essential essence of preventing environment drift:
What are some alternatives?
cli - Command line interface for the Phylum API
SDKMan - The SDKMAN! Command Line Interface
actual-malware - Useful library dependency
pyenv - Simple Python version management
npm
rbenv - Manage your app's Ruby environment
HomeBrew - 🍺 The missing package manager for macOS (or Linux)
nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
event-stream - EventStream is like functional programming meets IO
volta - Volta: JS Toolchains as Code. ⚡
project