Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Product
Bret Comnes
January 27, 2023
Dashboards are the easiest way to not have to go digging around in the depths of APIs and emails to find what you need and how to do what you need to do. To that end, Socket Security has been launching quietly our own dashboard. The dashboard allows centralized exploration or management of many things that previously were only available in a decentralized manner requiring discovery through things like clicking into GitHub pull requests to find historical data.
Like every feature, the questions become what best serves the people using the feature. As a dashboard this is complex because it is actually used as a focal point from which all other features can be configured, enhanced, or investigated. There are a lot of features here but lets get into the thick of it!
Right now it is possible to configure what issues Socket Security reports as hidden or shown for things like the GitHub app or the CLI using a socket.yml
file in each repository. The Socket Security dashboard allows configuring this at an organization level and avoids putting files in every repository. At the same time, having this organization level setting allows security teams to quickly change organization level settings without needing to send pull requests to all the repositories affected.
API Keys are critical when using the Socket API or CLI. The dashboard allows creating new API keys, revoking them, and even rotating them with ease. Additionally, these API keys can leverage organization level settings as well to get automatic configuration!
These keys are also important for audits. Knowing when a key was last used and when it was first created allows understanding impacts of security events involving them when you decide to revoke or rotate them.
Reports for projects can be done in several ways and this can lead to a lot of things going on. Being able to see reports across your entire organization allows for quickly cross referencing common issues to help understand what is going on and what may need to be configured or when an issue was first introduced.
Organizations are not tied to individual accounts and have multiple membership levels. As people require access to Socket Security or need to be removed, your team can use self service features to do so. These management features allow simple sharing of invitations using either email or link.
One of the most important things when using organizations is allowing allowing encapsulation. Having to login/logout to change organizations is not ideals from an experience standpoint, but more interestingly it leaks a potential issue with organizations. If a user cannot have multiple organizations it leads to fake emails, email aliases, and other trickery to make things work. Socket Security's dashboard gives first class experience to not only organizations with multiple users, but users with multiple organizations. One of the most common situations for this is isolating work for things like Open Source Software (OSS) versus internal work. A security team can manage both organizations easily by using the dashboard.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Try it now
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.