mirror of https://github.com/zulip/zulip.git
43c8c720ef
As predicted in https://www.kb.cert.org/vuls/id/319816/, a malicious worm is beginning to spread across the npm ecosystem through package postinstall scripts. Only instead of direct self-replicating code, the replication vector is the temptation to monetize postinstall scripts by polluting the console logs with paid advertisements. The effect will be the same unless we all put a stop to this while we still can.

Apply the recommended VU#319816 workaround, which is to disable lifecycle scripts when installing npm packages. The only fallout is:

* node-sass can’t run because it uses compiled native code; we replace it with Dart Sass.
* phantomjs-prebuilt doesn’t download the binary at install time; we tell it to download it in run-casper.
* ttf2woff2 transparently falls back from native code to an Emscripten build.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>

- lib
- nagios
- setup
- README.md
- __init__.py
- get-django-setting
- purge-old-deployments
- restart-server
- upgrade-zulip
- upgrade-zulip-from-git
- zulip-puppet-apply

README.md
This directory contains scripts that:

- Generally do not require access to Django or the database (those are "management commands"), and thus are suitable to run operationally.
- Are useful for managing a production deployment of Zulip (many are also used in a Zulip development environment, though development-only scripts live in `tools/`).

For more details, see https://zulip.readthedocs.io/en/latest/overview/directory-structure.html.