Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
github.com/aldelo/common
- Version
- v1.6.7
- Version published
- Created
common
Common helper utilities and wrappers for code reuse.
When we code projects, we constantly encounter a similar set of functionality and logic. This package's intent is to wrap those commonly recurring functionalities and access points into a reusable helper package, so that we don't have to keep maintaining separate code bases.
This package will continue to be updated with more reusable code as well.
Usage
- To use the common package:
- in the project folder root:
- go mod init
- go mod tidy
- For example, if project is "HelloWorld":
- /HelloWorld/go mod init
- /HelloWorld/go mod tidy
types of helpers
- string helpers
- number helpers
- io helpers
- converter helpers
- db type helpers
- net helpers
- reflection helpers
- regex helpers
- time and date helpers
- uuid helpers
- crypto helpers (aes, gcm, rsa, sha, etc)
- csv parser helpers
- wrappers for aws related services
- service discovery / cloud map wrapper (using aws sdk)
- dynamodb / dax wrapper (using aws sdk)
- kms wrapper (using aws sdk)
- redis wrapper (using go-redis package)
- s3 wrapper (using aws sdk)
- ses wrapper (using aws sdk)
- sqs wrapper (using aws sdk)
- sns wrapper (using aws sdk)
- gin web server
- xray wrapper (using aws sdk)
- use xray.Init() to config
- use xray.SetXRayServiceOn() to enable xray tracing
- xray tracing is already coded into the following services:
- kms, cloudmap, dynamodb, redis, s3, ses, sns, sqs, mysql, gin
- wrappers for relational database access
- mysql wrapper (using sqlx package)
- sqlite wrapper (using sqlx package)
- sqlserver wrapper (using sqlx package)
- other wrappers
- for running as systemd service
- for logging and config
- for circuit breaker and rate limit
- etc.
build and deploy automation
- Create a file such as 'build.sh' within project
- Edit file content as:
#!/bin/zsh
GOOS=linux GOARCH=amd64 go build
scp -i ~/.ssh/YourKey.pem YourBinary hostUserName@hostIP:/home/hostUserName/targetFolder
- Descriptions:
- YourKey.pem = the Linux Host SSH Certificate Key
- YourBinary = the Binary Build by go build to Upload
- hostUserName = the Linux Host Login Username
- hostIP = the Linux Host IP Address
- hostUserName = the Linux Host Login Username
- targetFolder = the Linux Host Folder Where SCP Will Upload YourBinary To
FAQs
Unknown package
Package last updated on 27 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025