
Douglas Coburn
September 13, 2024
We’re excited to release the first version of Socket’s Python Software Development Kit (SDK), now available on PyPI. The SDK simplifies integrating Socket's security features into your Python applications by providing a user-friendly wrapper around the Socket REST API.
We designed this SDK to make it easier for our customers who use Python to integrate Socket into their workflows. It lets developers retrieve detailed information on npm package issues, scores, dependencies, organization settings, and more.
Installing the Socket Python SDK is as simple as running:
pip install socket-sdk-python
Developers can then integrate the SDK into their projects to streamline monitoring and managing package dependencies, retrieving security scores, viewing reports, and tracking issues. Detailed instructions for setting up and using the SDK, including all available parameters and functions, can be found in the project description on PyPI.
Check out our product changelog for all the information on the latest fixes and improvements. Moving forward, all updates will be published to the SDK’s package on PyPI. Feel free to get in touch if you have any feedback or suggestions. We would love to hear from you, as your input helps us continuously improve and tailor the SDK to better meet your security needs.