github.com/fabasoad/nsfw-detection-action
This action checks each modified and added file whose extension is listed in the action configuration, and fails when the NSFW check result is greater than or equal to the threshold defined in the action configuration. NSFW detection is performed by the chosen provider.

Identifier is `cloudmersive`. Sign up on the Cloudmersive official website. Then go to the API Keys page, create a new key and copy it.

Identifier is `deepai`. Sign up on the DeepAI official website. Then go to the Profile page and copy the api-key that is located at the top of the page.

Identifier is `picpurify`. Sign up on the PicPurify official website. Then go to the API Keys page and copy the API key that is located at the top of the page.

Identifier is `sightengine`. Sign up on the SightEngine official website. Then go to the Get Started page and copy the API user and API secret from the examples provided. This provider requires two API identifiers, so put both into the `api_key` parameter, separated by a comma. For example, if your `api_user` is `123456` and your `api_secret` is `abcdef`, then `api_key` should be `123456,abcdef`.

Name | Required | Description | Default | Possible values |
---|---|---|---|---|
github_token | Yes | GitHub token | <String> | |
provider | Yes | Provider identifier | <String> | |
api_key | Yes | API key to use for the chosen provider | <String> | |
threshold | Yes | The action fails when the NSFW detection value is greater than or equal to this parameter | <Float> | |
type | No | Type of committed files separated by comma | modified,added,renamed | modified,added,renamed |
extensions | No | List of file extensions separated by comma | jpeg,jpg,png,gif,webp,tiff,bmp | jpeg,jpg,png,gif,webp,tiff,bmp |
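
```yaml
name: Test
on: push
jobs:
  nsfw-detection:
    name: Build
    runs-on: ubuntu-latest
    steps:
      # @main is a mutable ref: pin both actions to a reviewed release tag
      # or full commit SHA so upstream changes cannot alter this job unnoticed.
      - uses: actions/checkout@main
      - uses: fabasoad/nsfw-detection-action@main
        with:
          provider: deepai
          threshold: 0.9
          type: modified,added,renamed
          extensions: jpg,jpeg
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # Provider API key is read from a repository secret, never written inline.
          api_key: ${{ secrets.DEEPAI_API_KEY }}
```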