github.com/jonas747/go-reddit
A Golang wrapper for the Reddit API. This package aims to implement every endpoint exposed according to the documentation in a user-friendly, well-tested, and documented manner.

Install the package with:

```
go get github.com/cameronstanley/go-reddit
```

Many endpoints in the Reddit API require OAuth2 authentication to access. To get started, register an app at https://www.reddit.com/prefs/apps and be sure to note the ID, secret, and redirect URI. These values will be used to construct the Authenticator to generate a client with OAuth access. The following is an example of creating an authenticated client using a manual approach:

```go
package main

import (
	"fmt"
	"log"

	"github.com/cameronstanley/go-reddit"
)

func main() {
	// Create a new authenticator with your app's client ID, secret, and redirect URI
	// A random string representing state and a list of requested OAuth scopes are required
	authenticator := reddit.NewAuthenticator("<client_id>", "<client_secret>", "<redirect_uri>", "<random_string>", reddit.ScopeIdentity)

	// Instruct your user to visit the URL retrieved from GetAuthenticationURL in their web browser
	url := authenticator.GetAuthenticationURL()
	fmt.Printf("Please proceed to %s\n", url)

	// After the user grants permission for your client, they will be redirected to the supplied redirect_uri with a code and state as URL parameters
	// Gather these values from the user on the console
	// Note: this can be automated by having a web server listen on the redirect_uri and parsing the state and code params
	fmt.Print("Enter state: ")
	var state string
	fmt.Scanln(&state)
	fmt.Print("Enter code: ")
	var code string
	fmt.Scanln(&code)

	// Exchange the code for an access token and stop if the exchange fails
	token, err := authenticator.GetToken(state, code)
	if err != nil {
		log.Fatalf("token exchange failed: %v", err)
	}

	// Create a new client using the access token and a user agent string to identify your application
	client := authenticator.GetAuthClient(token, "<platform>:<app ID>:<version string> (by /u/<reddit username>)")
	_ = client // use client to call authenticated endpoints
}
```
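
The `<random_string>` state value and the redirect parsing mentioned in the comments above, as an added example that is not part of go-reddit or its README: it generates an unguessable state and accepts a callback's `code` only when the echoed `state` matches. `newState` and `parseCallback` are hypothetical helper names, the callback URL is constructed, and only the standard library is used.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

// newState returns 32 bytes from the OS CSPRNG, URL-safe encoded, for use as
// the state argument: an unguessable per-login anti-CSRF token.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// parseCallback returns the code from a redirect request only if the state it
// echoes matches the one issued. Hypothetical helper, not go-reddit API.
func parseCallback(r *http.Request, wantState string) (string, error) {
	q := r.URL.Query()
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("authorization failed: %q", e)
	}
	// An empty expected state would "match" a callback that omits state.
	if wantState == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", errors.New("state mismatch: callback not tied to this login")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carried no code")
	}
	return code, nil
}

func main() {
	state, err := newState()
	if err != nil {
		panic(err)
	}
	// Constructed callback URL standing in for the browser redirect.
	r, _ := http.NewRequest("GET", "http://localhost:8080/cb?state="+state+"&code=constructed-code", nil)
	code, err := parseCallback(r, state)
	fmt.Println(code, err)
}
```

Generate a fresh state for every login attempt and keep it server-side (for example in the user's session) until the callback arrives.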

```go
// Returns a new unauthenticated client for invoking the API
client := reddit.NoAuthClient

// Retrieves a listing of default subreddits
client.GetDefaultSubreddits()

// Retrieves a listing of hot links for the "news" subreddit
client.GetHotLinks("news")
```