
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
github.com/PTarasyuk/kbot
DevOps application from scratch
KBot is a Telegram bot written in the Go programming language, utilizing the Cobra-CLI v1.8.0 framework for command handling and Telebot v3.1.4 for integration with the Telegram API.
To get started with KBot, clone the repository:
git clone https://github.com/PTarasyuk/kbot.git
cd kbot
To install all necessary dependencies and compile the project, use:
go get
go build -ldflags "-X="github.com/PTarasyuk/kbot/cmd.appVersion=v1.0.2
To test the compiled project, do the following:
./kbot version
as a result, you should get the app's version v1.0.2
.
Enter your Telegram bot token in silent mode:
read -s TELE_TOKEN
Export the value of the TELE TOKEN variable to the current shell environment.
export TELE_TOKEN
Run KBot using the following command:
./kbot start
This project uses a Makefile for common tasks. Run the following commands:
make format
make lint
make test
make get
make build
(Override REGISTRY
, TARGETOS
and TARGETARCH
with make build REGISTRY=ptarasyuk TARGETOS=linux TARGETARCH=arm
)make image
(Override REGISTRY
, TARGETOS
and TARGETARCH
with make image REGISTRY=ptarasyuk TARGETOS=linux TARGETARCH=arm
)make push
(Override REGISTRY
, TARGETOS
and TARGETARCH
with make push REGISTRY=ptarasyuk TARGETOS=linux TARGETARCH=arm
)make clean
For more details and options, run make help
.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.