Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@amagaki/amagaki-plugin-preview
Advanced tools
[![NPM Version][npm-image]][npm-url] [![GitHub Actions][github-image]][github-url] [![TypeScript Style Guide][gts-image]][gts-url]
An experimental plugin for Amagaki that facilitates content previews.
Features include:
Compute Engine default service account
.openssl base64 -in <file>.json | pbcopy
GCP_SA_KEY
.GH_TOKEN
that has a GitHub token (i.e. a
Personal Access Token) of an account that has read access to your repo. NOTE:
This requirement will be abandoned in a future version as we can authenticate
via GitHub Actions' built-in token instead..github/workflows/deploy-preview-server.yml
GCP_PROJECT_ID
and SITE
variables.Dockerfile
Makefile.preview
npm install --save @amagaki/amagaki-plugin-preview
import { PreviewPlugin } from '@amagaki/amagaki-plugin-preview';
export default function (pod: Pod) {
PreviewPlugin.register(pod);
}
A central proxy server is deployed one time only, which provides:
Unauthenticated traffic is permitted to the instance, and the instance authorizes requests within the application.
Requests to the proxy invoke a lookup of the Cloud Run instance, mapping its
hostname to labels written when it was deployed. For example, using
https://site--main.instance.com
:
preview-server=true
preview-site=site
preview-branch-token=main
If no instance at all is found, show an error message that explains the Cloud
Run instance hasn't been deployed yet. If a base instance is found (i.e. against
the main
or master
branch), yet no branch instance is found, the request
will be served by the main instance. This facilitates instant previews of
branches without requiring a the Cloud Run instance to be deployed first.
Once the lookup occurs and once an instance has been found, the result is cached to a file on the proxy's filesystem. Because the filesystem is ephemeral, the lookup result is only cached as long as the file remains. If a backend is not found given a hostname, the result is not cached.
The proxy server is deployed once per tenant or orgnaization. It is deployed on Google App Engine in order to support wildcard subdomains.
FAQs
[![NPM Version][npm-image]][npm-url] [![TypeScript Style Guide][gts-image]][gts-url]
The npm package @amagaki/amagaki-plugin-preview receives a total of 57 weekly downloads. As such, @amagaki/amagaki-plugin-preview popularity was classified as not popular.
We found that @amagaki/amagaki-plugin-preview demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.