fhemberger

Node.js: Create checksums for npm's 'postinstall' actions

After watching Patrick Debois' talk from DeliveryConf »How Secure Is Your Build / Server?«, I tried to get at least a rough idea if postinstall steps where running at all and if they do the same things after a package update.

So I wrote a little proof of concept that will:

• Create a Dockerfile, using package.json and package-lock.json from a Node.js project in the current directory
• Install all its dependencies inside the Docker container first, without running any postinstall steps, then do the same with running the scripts.
• Reading the diff of those steps using Docker's image layers
• And calculate a checksum of those changes.

fhemberger

local usbLogger = hs.logger.new('usb', 'debug')

function configureKeyboard(data)
  -- Uncomment the "usbLogger" line below, plug in the USB keyboard and update the USB vendor and product ID
  local isKeyboardAffected = data.vendorID == 9610 and data.productID == 89
  -- usbLogger.df("eventType %s, pname %s, vname %s, vId %s, pId %s, keyboardAffected %s", data.eventType, data.productName, data.vendorName, data.vendorID, data.productID, isKeyboardAffected)
  if isKeyboardAffected and data.eventType == "added" then
    hs.keycodes.setLayout("U.S.")
  end
  if isKeyboardAffected and data.eventType == "removed" then