steal-ur-stuff
Steal Ur Stuff (by tanepiper)
project
By example
steal-ur-stuff | project | |
---|---|---|
8 | 2 | |
21 | - | |
- | - | |
0.0 | - | |
almost 7 years ago | - | |
- | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user-suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
steal-ur-stuff
Posts with mentions or reviews of steal-ur-stuff.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-06-27.
-
JavaScript registry NPM vulnerable to 'manifest confusion' abuse
I actually did a POC 7 years ago about this - https://github.com/tanepiper/steal-ur-stuff
It was reported to npm at the time, but they chose to ignore it - https://github.com/npm/npm/issues/17724
-
I wish more developers understood the constant stream of malware that is posted to npm
postinstall malware I reported almost 7 years ago with npm - that it can run any arbitrary script locally or remotely.
-
Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
I should really get around to how I discovered this 6 years ago and still nothing done about it
-
Attackers are hiding malware in minified packages distributed to NPM
Whenever something like this comes up I usually have to tap the sign (and the original report)
-
npm package to upload your private ssh keys to a pastebin
Ahh this old one - I wrote a similar package a while back as a proof of concept that npx is a bad idea 5 years ago - the developer at npm at the time told me it wasn't a problem.
-
A pastebin-like platform where you can easily paste code and import it as a module in our NPM projects
Please don't do this and never make it an actual dependency.
-
Researcher hacks over 35 tech firms by creating public NPM packages
Not only that it can run arbitrary code contained in a Gist and I showed this 4 years ago https://github.com/tanepiper/steal-ur-stuff
-
Getting rid of NPM scripts
[3] https://github.com/tanepiper/steal-ur-stuff
project
Posts with mentions or reviews of project.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-02-11.
-
Git commands you need to know!
git clone https://github.com/example/project.git
-
Researcher hacks over 35 tech firms by creating public NPM packages
foo = "0.1"
git_foo = { git = "https://github.com/example/project", package = "foo" }
custom_foo = { version = "0.1", registry = "custom", package = "foo" }
What are some alternatives?
When comparing steal-ur-stuff and project you can also consider the following projects:
cli - Command line interface for the Phylum API
actual-malware - Useful library dependency
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
npm
HomeBrew - 🍺 The missing package manager for macOS (or Linux)
event-stream - EventStream is like functional programming meets IO
git-open - Type `git open` to open the GitHub page or website for a repository in your browser.
npm-lint - A linter for npm & node package.json files with a focus on dependency security