Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
org.igniterealtime.smack:smack-omemo
Advanced tools
Smack is an open-source, highly modular, easy to use, XMPP client library written in Java for Java SE compatible JVMs and Android.
Being a pure Java library, it can be embedded into your applications to create anything from a full XMPP instant messaging client to simple XMPP integrations such as sending notification messages and presence-enabling devices. Smack and XMPP allow you to easily exchange data in various ways e.g., fire-and-forget, publish-subscribe, between human and non-human endpoints (M2M, IoT, …).
More information is provided by the Overview.
Start with having a look at the Documentation and the Javadoc.
Instructions on how to use Smack in your Java or Android project are provided in the Smack Readme and Upgrade Guide.
Most of Smack is governed by the Apache License 2.0 (SPDX License Identifier: Apache 2.0). This license requires that the contents of a NOTICE text file are shown "…within a display generated by the Derivative Works, if and wherever such third-party notices normally appear.".
Smack comes which such a NOTICE file. Moreover, since smack-core
is licensed under the Apache License 2.0, the conditions apply to every project using Smack. The content of Smack's NOTICE file can conveniently be retrieved using Smack.getNoticeStream()
.
Some subprojects of Smack are governed by other licenses. Please refer to the individual subprojects.
Smack is a collaborative effort of many people. Some are paid, e.g., by their employer or a third party, for their contributions. But many contribute in their spare time for free. While we try to provide the best possible XMPP library for Android and Java SE-compatible execution environments by following state-of-the-art software engineering practices, the API may not always perfectly fit your requirements. Hence welcome contributions and encourage discussion about how Smack can be further improved. We also provide paid services ranging from XMPP/Smack related consulting to designing and developing features to accommodate your needs. Please contact Florian Schmaus for further information.
Only a few users have access for filling bugs in the tracker. New users should:
Please search for your issues in the bug tracker before reporting.
The developers hang around in smack@conference.igniterealtime.org. You may use this link to join the room via inverse.chat. Remember that it may take some time (~hours) to get a response.
You can also reach us via the Smack Support Forum if you have questions or need support, or the Smack Developers Forum if you want to discuss Smack development.
If you want to start developing for Smack and eventually contribute code back, then please have a look at the Guidelines for Smack Developers and Contributors. The guidelines also contain development quickstart instructions.
Ignite Realtime is an Open Source community composed of end-users and developers around the world who are interested in applying innovative, open-standards-based RealTime Collaboration to their businesses and organizations. We're aimed at disrupting proprietary, non-open standards-based systems and invite you to participate in what's already one of the biggest and most active Open Source communities.
Smack - an Ignite Realtime community project.
FAQs
Unknown package
We found that org.igniterealtime.smack:smack-omemo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.