Madelyn  Frami

Madelyn Frami

1603904100

GitHubとnpmをより活用するためのJavaScriptコーダ向けガイド - GitHub Satellite 2020より

GitHubでnpmのプロダクトマネージャを務めるEdward Thomson氏は、先日のGitHub Satellite 2020で、npmがGitHubに加わったことによるJavaScript開発者への影響と、オープンソース開発とプロフェッショナル開発がともにGitHubを最大限に活用する方法について説明した。

今年4月にnpmの買収を完了したGitHubは、npmを3つの軸 — インフラストラクチャ、開発者エクスペリエンス、コミュニティ — において成長させる計画を発表している。Thomson氏は講演の中で、npm CLIとnpmレジストリの改善を目的として、GitHubが現在行っているイニシアティブについて説明した。

最初に言及したのは、CLIを対象とする活動についてである。

チームは今現在、CLIの次期バージョンである NPM v7の開発を行っています。このバージョンは、非常に大きな変革となります。CLIチームは大幅なリファクタリングを行い、正確性とパフォーマンスの向上に取り組んでいます。利用ソフトウェアのセキュリティ向上と合わせて、エコシステムにおける他ツールとの互換性の向上にもトライしています。

npm CLIチームは現在、npm audit関連のエクスペリエンスの改善を行っている。Thomson氏は新たな機能の説明として、npm v6とv7のCLIアウトプットの違いを示した。前者にはminimistパッケージに関連する脆弱性が発見されていることに加えて、表示空間を無駄遣いするテーブル形式の表示になっている。しかも、このminimistの問題は、依存関係として使用しているすべてのパッケージについて報告されるのだ。npm v7では、セキュリティ上の脆弱性に関する情報と修正方法が、より短時間でアクセスできるように簡潔に表示される。それに伴い、minimistの脆弱性問題に関する表示も1回のみになっている。npm v7はさらに、問題を発生させるパッケージがminimistのみであることを認識し、問題を自動修正するためにnpm audit fixを実行するようユーザに促してくれる。

#package managers #github #デベロップメント #devops #ニュース

What is GEEK

Buddha Community

GitHubとnpmをより活用するためのJavaScriptコーダ向けガイド - GitHub Satellite 2020より
Edison  Stark

Edison Stark

1603861600

How to Compare Multiple GitHub Projects with Our GitHub Stats tool

If you have project code hosted on GitHub, chances are you might be interested in checking some numbers and stats such as stars, commits and pull requests.

You might also want to compare some similar projects in terms of the above mentioned stats, for whatever reasons that interest you.

We have the right tool for you: the simple and easy-to-use little tool called GitHub Stats.

Let’s dive right in to what we can get out of it.

Getting started

This interactive tool is really easy to use. Follow the three steps below and you’ll get what you want in real-time:

1. Head to the GitHub repo of the tool

2. Enter as many projects as you need to check on

3. Hit the Update button beside each metric

In this article we are going to compare three most popular machine learning projects for you.

#github #tools #github-statistics-react #github-stats-tool #compare-github-projects #github-projects #software-development #programming

Jolie  Reichert

Jolie Reichert

1595581560

Stay Safe on GitHub: Security Practices to Follow

gthen Access Controls

Implementing proper access control is one of the best practices for enhancing security, not only on GitHub but in every other environment where code security is imperative.

GitHub offers several options that users can employ to reduce the risk of improper exposure. But to start with, it is important to employ the least privilege model where users are only granted necessary permissions.

Here are some basic access control guidelines that you should follow:

  • Restrict the creation of repositories to prevent users from exposing organization information in public repositories.
  • Enable branch protection and status checks to ensure users can merge commits or manipulate branches safely.
  • Allow or disallow forking private repositories to ensure users do not expose or share organizational code with unauthorized parties.
  • Revoke access for all inactive users who are no longer part of the contributors.
  • Review access rights to your GitHub projects periodically.
  • Ensure users do not share GitHub accounts or passwords.
  • Ensure every contributor uses two-factor authentication on their account.
  • Rotate personal access tokens and SSH keys

Never Store Credentials in Your GitHub Files

Leaking secrets to your GitHub repositories, either through code, configuration files, or commit messages, provides a gateway for attacks.

#tutorial #github #access control #software security #repository management #github issues #source code analysis #github apps #github enterprise #git best practices

Jolie  Reichert

Jolie Reichert

1596161100

Stay Safe on GitHub: Security Practices to Follow

GitHub is undoubtedly the largest and most popular social development platform in the world. According to its 2019 State of the Octoverse Report, GitHub is home to over 40 million, and the community keeps expanding every day.

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment.

Here are eight security practices that GitHub users can follow to stay safe and protect their code:

Strengthen Access Controls

Implementing proper access control is one of the best practices for enhancing security, not only on GitHub but in every other environment where code security is imperative.

GitHub offers several options that users can employ to reduce the risk of improper exposure. But to start with, it is important to employ the least privilege model where users are only granted necessary permissions.

Here are some basic access control guidelines that you should follow:

  • Restrict the creation of repositories to prevent users from exposing organization information in public repositories.
  • Enable branch protection and status checks to ensure users can merge commits or manipulate branches safely.
  • Allow or disallow forking private repositories to ensure users do not expose or share organizational code with unauthorized parties.
  • Revoke access for all inactive users who are no longer part of the contributors.
  • Review access rights to your GitHub projects periodically.
  • Ensure users do not share GitHub accounts or passwords.
  • Ensure every contributor uses two-factor authentication on their account.
  • Rotate personal access tokens and SSH keys

#tutorial #github #access control #software security #repository management #github issues #source code analysis #github apps #github enterprise #git best practices

Jolie  Reichert

Jolie Reichert

1595668020

Stay Safe on GitHub: Security Practices to Follow

GitHub is undoubtedly the largest and most popular social development platform in the world. According to its 2019 State of the Octoverse Report, GitHub is home to over 40 million, and the community keeps expanding every day.

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment.

Here are eight security practices that GitHub users can follow to stay safe and protect their code:

Strengthen Access Controls

Implementing proper access control is one of the best practices for enhancing security, not only on GitHub but in every other environment where code security is imperative.

GitHub offers several options that users can employ to reduce the risk of improper exposure. But to start with, it is important to employ the least privilege model where users are only granted necessary permissions.

Here are some basic access control guidelines that you should follow:

  • Restrict the creation of repositories to prevent users from exposing organization information in public repositories.
  • Enable branch protection and status checks to ensure users can merge commits or manipulate branches safely.
  • Allow or disallow forking private repositories to ensure users do not expose or share organizational code with unauthorized parties.
  • Revoke access for all inactive users who are no longer part of the contributors.

#tutorial #github #access control #software security #repository management #github issues #source code analysis #github apps #github enterprise #git best practices

Desmond  Gerber

Desmond Gerber

1624347085

How to Create a Custom GitHub Actions Using JavaScript — Beginner Level

In this blog, we are going to learn how to create our own custom GitHub action using javaScript.

Prerequisite

  • Basic JavaScript Knowledge
  • Basic Git & GitHub Knowledge

About GitHub Actions

Automate, customize, and execute your software development workflows right in your repository with GitHub Actions. You can discover, create, and share actions to perform any job you’d like, including CI/CD, and combine actions in a completely customized workflow.

Types of Actions

There are three types of actions: Docker container actions, JavaScript actions, and composite run steps actions.

JavaScript Custom Action

Let’s create a Custom GitHub Action using JavaScript by creating a public repo, once the repo is created, we can clone it to our local machine using VS Code or GitPod. You need to have Node.js 12.x or higher and npm installed on your machine to perform the steps described here. You can verify the node and npm versions with the following commands in a VS Code or GitPod terminal.

node --version 
npm --version

#github #github-tutorial #github-actions #github-trend