Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/jjeffery/mturk
This package was developed at a time when there was no officially supported Mechanical Turk SDK for Go. AWS have since added support for Mechanical Turk to the AWS SDK for Go. This package is retained for backwards compatibility, but will not receive any further enhancements. For any new development, use the offically supported SDK instead.
Package mechturk provides a Go SDK for the AWS Mechanical Turk Requester API.
Here is a simple example that invokes the GetAccountBalance operation:
package main
import (
"log"
"github.com/jjeffery/mechturk"
)
func main() {
mt := mechturk.New()
result, err := mt.GetAccountBalance(&mechturk.GetAccountBalanceRequest{})
if err != nil {
log.Fatal(err)
}
log.Println(mechturk.Prettify(result))
}
This program will produce output similar to:
{
Request: {
IsValid: "True"
},
AvailableBalance: {
Amount: 10000,
CurrencyCode: "USD",
FormattedPrice: "$10,000.00"
}
}
The subdirectory cmd/mechturk
contains a command line client. Not all Mechanical Turk
commands are supported yet -- commands are added as they are needed. Pull requests
are welcome.
Example usage:
$ mechturk --sandbox get-account-balance
{
Request: {
IsValid: "True"
},
AvailableBalance: {
Amount: 10000,
CurrencyCode: "USD",
FormattedPrice: "$10,000.00"
}
}
This project is still under development, and there is currently no guarantee of API stability. If you are planning to make use of this code in any sort of production environment, please consider vendoring the version you are using with your project.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.