
@amagaki/amagaki-plugin-preview
[![NPM Version][npm-image]][npm-url] [![GitHub Actions][github-image]][github-url] [![TypeScript Style Guide][gts-image]][gts-url]
An experimental plugin for Amagaki that facilitates content previews.
Features include:
Compute Engine default service account

`openssl base64 -in <file>.json | pbcopy`

`GCP_SA_KEY`

`GH_TOKEN` that has a GitHub token (i.e. a Personal Access Token) of an account that has read access to your repo. NOTE: This requirement will be abandoned in a future version as we can authenticate via GitHub Actions' built-in token instead.

`.github/workflows/deploy-preview-server.yml`

`GCP_PROJECT_ID` and `SITE` variables.

`Dockerfile`

`Makefile.preview`
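```shell
npm install --save @amagaki/amagaki-plugin-preview
```

```typescript
import { Pod } from '@amagaki/amagaki';
import { PreviewPlugin } from '@amagaki/amagaki-plugin-preview';

// Register the preview plugin when Amagaki loads the pod.
export default function (pod: Pod) {
  PreviewPlugin.register(pod);
}
```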
A central proxy server is deployed one time only, which provides:
Unauthenticated traffic is permitted to the instance, and the instance authorizes requests within the application.
Requests to the proxy invoke a lookup of the Cloud Run instance, mapping its hostname to labels written when it was deployed. For example, using `https://site--main.instance.com`:

- `preview-server=true`
- `preview-site=site`
- `preview-branch-token=main`
If no instance at all is found, the proxy shows an error message explaining that the Cloud Run instance hasn't been deployed yet. If a base instance is found (i.e. against the `main` or `master` branch), yet no branch instance is found, the request will be served by the main instance. This facilitates instant previews of branches without requiring the Cloud Run instance to be deployed first.
Once the lookup occurs and once an instance has been found, the result is cached to a file on the proxy's filesystem. Because the filesystem is ephemeral, the lookup result is only cached as long as the file remains. If a backend is not found given a hostname, the result is not cached.
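The lookup, fallback and caching rules described above, sketched as an added example (not the plugin's own code). All function names, the in-memory cache and the backend URLs are hypothetical, and treating fallback results as uncached is an assumption the page does not state.

```typescript
type Labels = Record<string, string>;
interface Instance { url: string; labels: Labels; }

// Constructed sample of deployed instances (URLs are placeholders).
const INSTANCES: Instance[] = [
  { url: 'https://run-main.example', labels: { 'preview-server': 'true', 'preview-site': 'site', 'preview-branch-token': 'main' } },
  { url: 'https://run-feature.example', labels: { 'preview-server': 'true', 'preview-site': 'site', 'preview-branch-token': 'feature-x' } },
];

// Stand-in for the proxy's on-disk cache file.
const cache = new Map<string, string>();

// The Host header is untrusted: accept only <site>--<branch>.instance.com.
function hostToLabels(host: string): Labels | null {
  const m = /^([a-z0-9-]+)\.instance\.com$/.exec(host.toLowerCase());
  if (!m) return null;
  const parts = m[1].split('--');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  return { 'preview-server': 'true', 'preview-site': parts[0], 'preview-branch-token': parts[1] };
}

// Return the first instance whose labels match every wanted label.
function find(instances: Instance[], want: Labels): Instance | undefined {
  return instances.find(i => Object.keys(want).every(k => i.labels[k] === want[k]));
}

function resolveBackend(host: string, instances: Instance[]): string | null {
  const cached = cache.get(host);
  if (cached !== undefined) return cached;
  const want = hostToLabels(host);
  if (!want) return null;
  const exact = find(instances, want);
  if (exact) {
    cache.set(host, exact.url); // only found instances are cached
    return exact.url;
  }
  // No branch instance: fall back to the base (main or master) instance.
  // Assumption: fallback results are not cached, so a later branch deploy is picked up.
  for (const base of ['main', 'master']) {
    const hit = find(instances, { ...want, 'preview-branch-token': base });
    if (hit) return hit.url;
  }
  return null; // nothing deployed: caller shows the "not deployed yet" error
}
```

Because the application behind the proxy accepts unauthenticated traffic, strict parsing of the hostname keeps a crafted Host value from selecting an unintended backend.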
The proxy server is deployed once per tenant or organization. It is deployed on Google App Engine in order to support wildcard subdomains.
FAQs
The npm package @amagaki/amagaki-plugin-preview receives a total of 53 weekly downloads. As such, @amagaki/amagaki-plugin-preview popularity was classified as not popular.
We found that @amagaki/amagaki-plugin-preview demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.