Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
github.com/kombustor/rss-fulltext-proxy
100
Supply Chain Security
100
Vulnerability
100
Quality
100
Maintenance
100
License
RSS Fulltext Proxy 📃
Can "proxy"/mirror any RSS Feed to fetch full-text Content. Allows integration into any feed reader, without plugins or further configuration required.
Deployment
Using Docker (recommended)
- Download and modify the docker-compose.yml file to your liking.
- Run
docker-compose up -d
Manually
- Clone the repository:
git clone https://github.com/Kombustor/rss-fulltext-proxy.git - Change working path:
cd rss-fulltext-proxy - Install dependencies:
npm install - Compile:
npm run build - Run:
node dist/server.js
Note: You have to set the environment variables described in Configuration yourself, and you have to start a local redis server.
Configuration
The application is easily configurable with environment variables.
| Name | Type | Default | Description |
|---|---|---|---|
| PORT | number | 3000 | The port the webserver listens on. |
| REDIS_URL | string | redis://127.0.0.1 | The redis connection URL for caching. |
| CACHE_EXPIRY_SECONDS | number | 900 | The number of seconds for cache entries to expire. |
Usage
We have to define two query parameters:
| Identifier | Description |
|---|---|
| feed | The original feed URL to proxy. |
| selectors | URL-encoded string[] of CSS-selectors. |
Example:
- Feed URL:
http://rss.sueddeutsche.de/rss/Topthemen - Query Selectors of relevant HTML elements:
["figure.asset-image", "section.body > p, section.body > h3"] - URL-encoded selectors using this website:
%5B%22figure.asset-image%22%2C%20%22section.body%20%3E%20p%2C%20section.body%20%3E%20h3%22%5D - The URL we are adding to our feed reader is:
http://host:post/?feed=http://rss.sueddeutsche.de/rss/Topthemen&selectors=%5B%22figure.asset-image%22%2C%20%22section.body%20%3E%20p%2C%20section.body%20%3E%20h3%22%5D - We are getting full-text RSS content for this feed. 🔥
A collection of selectors can be found on the wiki page. If you create or improve a selector, feel free to open a pull request to add it to the wiki page.
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
TODO
- Make redis optional.
- Add common templates for easier usage.
- Unit tests.
- Linting.
- Add option to clear cache.
- Tutorial on how to choose selectors.
- Webinterface to visually select elements that should be included/removed.
- Support websites which don't provide a RSS feed.
License
FAQs
Unknown package
Package last updated on 07 Aug 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025