github.hscsec.cn/ubclaunchpad/inertia
An effortless, self-hosted continuous deployment platform.
Inertia is a user-friendly, cross-platform command line application and serverside agent that enables quick and easy setup and management of continuous, automated deployment of a variety of project types on any virtual private server. The project is used, built, and maintained with :heart: by UBC Launch Pad, UBC's student-run software engineering club.
| | Main Features |
|---|---|
| 🚀 | Simple to use - set up a deployment from your computer without ever having to manually SSH into your remote |
| 🍰 | Cloud-agnostic - use any Linux-based remote virtual private server provider you want |
| ⚒ | Versatile project support - deploy any Dockerfile or docker-compose project |
| 🚄 | Continuous deployment - Webhook integrations for GitHub, GitLab, and Bitbucket mean your project can be automatically updated, rebuilt, and deployed as soon as you git push |
| 🛂 | In-depth controls - start up, shut down, and monitor your deployment with ease from the command line or using Inertia's REST API |
| 🏷 | Flexible configuration - branch deployment, environment variables, easy file transfer for configuration files, build settings, and more |
| 📦 | Built-in provisioning - easily provision and set up VPS instances for your project with supported providers such as Amazon Web Services using a single command |
| 👥 | Built for teams - provide shared access to an Inertia deployment by adding users |
| 🔑 | Secure - secured with access tokens and HTTPS across the board, as well as features like 2FA for user logins |
Check out our new Inertia Usage Guide to get started with using Inertia for your project! The guide will walk you through installing Inertia, setting up a project, deploying to a remote, managing your deployment, and advanced usage tips.
If you...
Inertia might be for you! For example, UBC Launch Pad teams have used Inertia to set up automated deployments for projects like Rocket 2 and Bumper, and nwPlus used Inertia to stage previews of the nwHacks 2019 website during development.
UBC Launch Pad is a student-run software engineering club at the University of British Columbia that aims to provide students with a community where they can work together to build all sorts of cool projects, ranging from mobile apps and web services to cryptocurrencies and machine learning applications.
Many of our projects rely on hosting providers for deployment. Unfortunately we frequently change hosting providers based on available funding and sponsorship, meaning our projects often need to be redeployed. On top of that, deployment itself can already be a frustrating task, especially for students with little to no experience setting up applications on remote hosts. Inertia is a project we started to address these problems, with the goal of developing an in-house deployment system that can make setting up continuously deployed applications simple and painless, regardless of the hosting provider.
The primary design goals of Inertia are to:
There is a detailed Medium post that goes over the project, its motivations, the design choices we made, and Inertia's implementation. The team has also made a few presentations about Inertia that go over its design in some more detail:
In summary, Inertia consists of two major components: a deployment daemon and a command line interface.
The deployment daemon runs persistently in the background on the server, receiving webhook events from GitHub whenever new commits are pushed. The CLI provides an interface to adjust settings and manage the deployment - this is done through HTTPS requests to the daemon, authenticated using JSON web tokens generated by the daemon. Remote configuration is stored locally in `.inertia.toml`.
Inertia is set up serverside by executing a script over SSH that installs Docker and starts an Inertia daemon image with access to the host Docker socket. This Docker-in-Docker configuration gives the daemon the ability to start up other containers alongside it, rather than within it, as required. Once the daemon is set up, we avoid using further SSH commands and execute Docker commands through Docker's Golang API. Instead of installing the docker-compose toolset, we use a docker-compose image to build and deploy user projects.
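The token check behind the CLI-to-daemon requests described above, as an added example that is not Inertia's own code: a standard-library Go version of a daemon minting a JSON web token and verifying it on each request. The HS256 algorithm, the `user` and `exp` claim names, and the function names `IssueToken` and `VerifyToken` are assumptions; the page does not say which algorithm or claims Inertia uses.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
func mac(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}
// IssueToken is the daemon side: mint an HS256 token (algorithm is assumed).
func IssueToken(key []byte, user string, exp time.Time) string {
	p, _ := json.Marshal(map[string]interface{}{"user": user, "exp": exp.Unix()})
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(p)
	return msg + "." + b64.EncodeToString(mac(key, msg))
}

// VerifyToken is the check run on each CLI request before acting on it.
func VerifyToken(key []byte, tok string, now time.Time) (string, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	hb, e1 := b64.DecodeString(parts[0])
	pb, e2 := b64.DecodeString(parts[1])
	sig, e3 := b64.DecodeString(parts[2])
	var hdr struct{ Alg string }
	var c struct{ User string; Exp int64 }
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil {
		return "", fmt.Errorf("malformed token")
	}
	if hdr.Alg != "HS256" || !hmac.Equal(sig, mac(key, parts[0]+"."+parts[1])) { // alg pinned; constant-time compare
		return "", fmt.Errorf("bad algorithm or signature")
	}
	if json.Unmarshal(pb, &c) != nil || now.Unix() >= c.Exp {
		return "", fmt.Errorf("invalid or expired claims")
	}
	return c.User, nil
}
func main() { // constructed demo key "k" and user "alice"
	fmt.Println(VerifyToken([]byte("k"), IssueToken([]byte("k"), "alice", time.Now().Add(time.Hour)), time.Now()))
}
```

Pinning the algorithm on the verifying side, rather than trusting the token's own header, is what makes a token that declares `"alg":"none"` fail even though its signature part is empty.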
Any contribution (pull requests, feedback, bug reports, ideas, etc.) is welcome!
Please see our contribution guide for contribution guidelines as well as a detailed guide to help you get started with Inertia's codebase.