
github.com/tyktechnologies/tyk-oauth-flow-example
This is a quick project that shows the Tyk OAuth request cycle from start to finish.
To try this project out:
- oauth2
- http://localhost:8000/login
- http://localhost:8000/final
Now edit the tmpl/index.html file:
- Set the redirect_uri value to the one of your client
- Set the client_id element to the value of your client ID

Now edit config.go:
- Set APIlistenPath to oauth2 (or whatever the listen path is for your OAuth API)
- Set orgID to your Org ID (go to Users -> select your user; it is under RPC credentials)
- Set policyID to your policy ID
- Set GatewayHost to the host path of your gateway, e.g. http://domain.com:port (note: no trailing slash)
- Set AdminSecret to the secret in your tyk.conf
Now run the app:
go run *.go
Then visit:
If you've set everything up correctly, you should be taken through a full OAuth flow.
This app emulates two parties:
We make use of the Tyk REST API Authorization endpoint to complete the request cycle; you can see an API client in the util.go file.
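The following is an added example, not code from the tyk-oauth-flow-example repository: it shows how the config.go values above feed the server-side authorization call, and adds the check a defender wants here, an exact match between the registered redirect_uri and the one that comes back from the browser. The endpoint path, form field names, key_rules shape and x-tyk-authorization header are assumptions about Tyk's authorize-client API and should be checked against your gateway version; all IDs and secrets are placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Config mirrors the values the README has you set in config.go.
type Config struct {
	APIlistenPath string // listen path of the OAuth API, e.g. "oauth2"
	OrgID         string // org ID from your user's RPC credentials
	PolicyID      string // policy applied to the issued token
	GatewayHost   string // e.g. http://domain.com:port, no trailing slash
	AdminSecret   string // the secret from tyk.conf
}

// NewAuthorizeRequest builds the server-side call the app makes after login.
// registeredURI is the redirect_uri from tmpl/index.html; requestedURI is the
// one returned with the login form. They must match exactly, so a tampered
// redirect target is refused before any code is issued. Endpoint path, form
// fields and header are assumptions about Tyk's authorize-client API.
func NewAuthorizeRequest(cfg Config, clientID, registeredURI, requestedURI string) (*http.Request, error) {
	if requestedURI != registeredURI {
		return nil, errors.New("redirect_uri does not match the registered client value")
	}
	keyRules := fmt.Sprintf(`{"org_id":%q,"apply_policies":[%q]}`, cfg.OrgID, cfg.PolicyID) // session template: org scoping + policy
	form := url.Values{}
	form.Set("response_type", "code")
	form.Set("client_id", clientID)
	form.Set("redirect_uri", requestedURI)
	form.Set("key_rules", keyRules)
	host := strings.TrimRight(cfg.GatewayHost, "/") // tolerate the trailing slash the README warns about
	endpoint := host + "/" + strings.Trim(cfg.APIlistenPath, "/") + "/tyk/oauth/authorize-client/"
	req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("x-tyk-authorization", cfg.AdminSecret) // stays server-side, never reaches the browser
	return req, nil
}

func main() {
	cfg := Config{APIlistenPath: "oauth2", OrgID: "ORG_ID", PolicyID: "POLICY_ID", GatewayHost: "http://localhost:8080/", AdminSecret: "TYK_SECRET"}
	req, err := NewAuthorizeRequest(cfg, "CLIENT_ID", "http://localhost:8000/login", "http://localhost:8000/login")
	fmt.Println(req.URL, err) // http://localhost:8080/oauth2/tyk/oauth/authorize-client/ <nil>
}
```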