steal-ur-stuff
git-open
steal-ur-stuff | git-open | |
---|---|---|
8 | 4 | |
21 | 3,276 | |
- | - | |
0.0 | 2.4 | |
almost 7 years ago | about 2 months ago | |
Shell | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
steal-ur-stuff
-
JavaScript registry NPM vulnerable to 'manifest confusion' abuse
I actually did a POC 7 years ago about this - https://github.com/tanepiper/steal-ur-stuff
It was reported to npm at the time, but they chose to ignore it - https://github.com/npm/npm/issues/17724
-
I wish more developers understood the constant stream of malware that is posted to npm
postinstall malware I reported almost 7 years ago with npm - that it can run any arbitrary script locally or remotely.
-
Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
I should really get around to how I discovered this 6 years ago and still nothing done about it
-
Attackers are hiding malware in minified packages distributed to NPM
Whenever something like this comes up I usually have to tap the sign (and the original report)
-
npm package to upload your private ssh keys to a pastebin
Ahh this old one - I wrote a similar package a while back as a proof of concept that npx is a bad idea 5 years ago - the developer at npm at the time told me it wasn't a problem.
-
A pastebin-like platform where you can easily paste code and import it as a module in our NPM projects
Please don't do this and never make it an actual dependency.
-
Researcher hacks over 35 tech firms by creating public NPM packages
Not only that it can run arbitrary code contained in a Gist and I showed this 4 years ago https://github.com/tanepiper/steal-ur-stuff
-
Getting rid of NPM scripts
[3] https://github.com/tanepiper/steal-ur-stuff
git-open
-
(re)Introducing `git trim`- a command to quickly remove merged, pruned, untracked, or stale branches.
That how I use git open. Guess I assumed it was more common, so why not.
-
JavaScript Influencers to Follow in 2021🤩
Project: h5bp/html5-boilerplate, Webfundamentals, GoogleChrome/lighthouse, so-fancy/diff-so-fancy, git-open
-
I made a small git util to open relevant git files: git open
You might want to change name to something else. There's already a git-open and I use it extensively!
-
Getting rid of NPM scripts
I love git open[0] but I was always a bit mystified by how a simple "npm install" command can modify what it needs to in order for "git open" to become a valid command.
[0]https://github.com/paulirish/git-open
What are some alternatives?
cli - Command line interface for the Phylum API
git-ftp - Uses Git to upload only changed files to FTP servers.
actual-malware - Useful library dependency
git-extras - GIT utilities -- repo summary, repl, changelog population, author commit percentages and more
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
normalizr - Normalizes nested JSON according to a schema
npm
git-semantic-commits - Tiny semantic commit messages for Git.
HomeBrew - 🍺 The missing package manager for macOS (or Linux)
redux - A JS library for predictable global state management
event-stream - EventStream is like functional programming meets IO
Vue.js - This is the repo for Vue 2. For Vue 3, go to https://github.com/vuejs/core