![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@airops/airops-js
Advanced tools
Readme
Use AirOps API in your client application with our JavaScript SDK.
To authenticate with our API using the SDK, you'll need three pieces of information: your workspace id, API key and user id (identifier for the user in your application). First, use the API key to hash your user id on your back-end server. This will result in a hashed user id that is unique to your API key and user id combination. Workspace id and API key can be found in your workspace settings.
const crypto = require('crypto');
const userIdHash = () => {
const apiKey = 'YOUR_API_KEY';
const userId = 'YOUR_USER_ID';
// Convert your api key to a buffer
const key = Buffer.from(apiKey, 'utf-8');
// Hash the message using HMAC-SHA256 and the key
const hash = crypto.createHmac('sha256', key).update(userId).digest('hex');
return hash;
};
npm i @airops/js_sdk
or use the CDN:
<script src=“https://cdn.jsdelivr.net/npm/@airops/js_sdk/dist/index.umd.min.js”></script>
const airopsInstance = AirOps.identify({
userId: 'YOUR_USER_ID',
workspaceId: 'YOUR_WORKSPACE_ID',
hashedUserId: 'YOUR_USER_ID_HASH',
});
Once you have successfully initialized the SDK, you can begin using the methods available to interact with our API. Note that the methods will return promises.
// Execute an app
const response = await airopsInstance.apps.execute({
appId: 1,
version: 1,
payload: {
inputs: {
name: 'XXXXYYYYZZZZ',
},
},
});
// Wait for result
const result = await response.result();
// Do something with result.output
// Cancel execution
await response.cancel();
The response from the execute method will contain the execution id that can be used to retrieve results later along with two methods to wait for results or cancel the execution:
interface ExecuteResponse {
executionId: number;
result: () => Promise<AppExecution>;
cancel: () => Promise<void>;
}
interface AppExecution {
airops_app_id: number;
id: number;
status: string;
output: string;
stream_channel_id: string;
}
The result method implements pulling logic for results with a timeout of 10 minutes. If you want to implement your own pulling logic you can use the getResults method described below.
In order to stream the app results you will need to enable stream and pass a callback function to the execute method. Optionally you can pass an extra callback function to get a notification when the app is finished.
const response = await airopsInstance.apps.execute({
appId: 1,
version: 1,
payload: {
inputs: {
name: 'XXXXYYYYZZZZ',
},
},
stream: true,
streamCallback: (data: { content: string }) => {
// Do something with the data
},
streamCompletedCallback: (data: { content: string }) => {
// Do something with the data
},
});
You can implement your own pulling logic using the getResults method.
const result = await airopsInstance.apps.getResults({
appId: 1,
executionId: response.executionId,
});
const response = await airopsInstance.apps.chatStream({
appId: 2,
message,
streamCallback: (data: { token: string }) => {
// do something with data.token
},
streamCompletedCallback: (data: { result: string }) => {
// do something with data.result
},
...(sessionId && { sessionId }), // optionally pass sessionId to continue chat.
});
// Wait for result
const result = await response.result;
// Do something with result.result
// Use session id to continue chat
response.sessionId;
The response from the chatStream method will contain the sessionId and a result method to wait for the response. In order to continue with the chat pass the sessionId along with the message.
export interface ChatStreamResponse {
sessionId: string;
result: Promise<{ result: string }>; // result is a promise that resolves when the execution is completed.
}
try {
await airopsInstance.apps.execute({
appId: 1,
version: 4,
payload: {
inputs: { name: 'XXXXYYYYZZZZ' },
},
});
} catch (e) {
// Do something with error.message
}
FAQs
Unknown package
We found that @airops/airops-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.