Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/davidsansome/gcloud-golang
import "google.golang.org/cloud"
NOTE: These packages are experimental, and may occasionally make backwards-incompatible changes.
NOTE: Github repo is a mirror of https://code.googlesource.com/gocloud.
Go packages for Google Cloud Platform services. Supported APIs are:
Google API | Status | Package |
---|---|---|
Datastore | experimental | google.golang.org/cloud/datastore |
Cloud Storage | experimental | google.golang.org/cloud/storage |
Pub/Sub | experimental | google.golang.org/cloud/pubsub |
BigTable | stable | google.golang.org/cloud/bigtable |
BigQuery | experimental | google.golang.org/cloud/bigquery |
Logging | experimental | google.golang.org/cloud/logging |
Experimental status: the API is still being actively developed. As a result, it might change in backward-incompatible ways and is not recommended for production use.
Beta status: the API is largely complete, but still has outstanding features and bugs to be addressed. There may be minor backwards-incompatible changes where necessary.
Stable status: the API is mature and ready for production use. We will continue addressing bugs and feature requests.
Documentation and examples are available at https://godoc.org/google.golang.org/cloud
By default, each API will use Google Application Default Credentials for authorization credentials used in calling the API endpoints. This will allow your application to run in many environments without requiring explicit configuration.
Manually-configured authorization can be achieved using the
golang.org/x/oauth2
package to
create an oauth2.TokenSource
. This token source can be passed to the NewClient
function for the relevant API using a
[cloud.WithTokenSource
][https://godoc.org/google.golang.org/cloud#WithTokenSource]
option.
Google Cloud Datastore (docs) is a fully- managed, schemaless database for storing non-relational data. Cloud Datastore automatically scales with your users and supports ACID transactions, high availability of reads and writes, strong consistency for reads and ancestor queries, and eventual consistency for all other queries.
Follow the activation instructions to use the Google Cloud Datastore API with your project.
https://godoc.org/google.golang.org/cloud/datastore
First create a datastore.Client
to use throughout your application:
client, err := datastore.NewClient(ctx, "my-project-id")
if err != nil {
log.Fatalln(err)
}
Then use that client to interact with the API:
type Post struct {
Title string
Body string `datastore:",noindex"`
PublishedAt time.Time
}
keys := []*datastore.Key{
datastore.NewKey(ctx, "Post", "post1", 0, nil),
datastore.NewKey(ctx, "Post", "post2", 0, nil),
}
posts := []*Post{
{Title: "Post 1", Body: "...", PublishedAt: time.Now()},
{Title: "Post 2", Body: "...", PublishedAt: time.Now()},
}
if _, err := client.PutMulti(ctx, keys, posts); err != nil {
log.Fatal(err)
}
Google Cloud Storage (docs) allows you to store data on Google infrastructure with very high reliability, performance and availability, and can be used to distribute large data objects to users via direct download.
https://godoc.org/google.golang.org/cloud/storage
First create a storage.Client
to use throughout your application:
client, err := storage.NewClient(ctx)
if err != nil {
log.Fatal(err)
}
// Read the object1 from bucket.
rc, err := client.Bucket("bucket").Object("object1").NewReader(ctx)
if err != nil {
log.Fatal(err)
}
defer rc.Close()
body, err := ioutil.ReadAll(rc)
if err != nil {
log.Fatal(err)
}
Google Cloud Pub/Sub (docs) allows you to connect your services with reliable, many-to-many, asynchronous messaging hosted on Google's infrastructure. Cloud Pub/Sub automatically scales as you need it and provides a foundation for building your own robust, global services.
https://godoc.org/google.golang.org/cloud/pubsub
// Publish "hello world" on topic1.
msgIDs, err := pubsub.Publish(ctx, "topic1", &pubsub.Message{
Data: []byte("hello world"),
})
if err != nil {
log.Println(err)
}
// Pull messages via subscription1.
msgs, err := pubsub.Pull(ctx, "subscription1", 1)
if err != nil {
log.Println(err)
}
Contributions are welcome. Please, see the CONTRIBUTING document for details. We're using Gerrit for our code reviews. Please don't open pull requests against this repo, new pull requests will be automatically closed.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. See Contributor Code of Conduct for more information.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.