Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@api3/airnode-feed
Advanced tools
A service for storing and accessing signed data.
Airnode feed is a Node.js service, dockerized and deployable on any cloud provider or hostable on premise. It is continuously running two core loops:
Fetch beacon data
- Each triggers.signedApiUpdates
entry defines a group of templates. Airnode feed makes a
template request to the API specified in the OIS to get the template data. Airnode feed's wallet is used to sign the
responses and these are then saved to in-memory storage.Push signed beacon data to signed API
- For each triggers.signedApiUpdates
, periodically checks the in-memory
storage and pushes the signed data to the configured API.See configuration for details.
The Airnode feed needs a configuration in order to run. The config
folder contains example configuration which uses:
http://localhost:8090
where the data is pushed.To start the the Airnode feed in dev mode run the following:
cp config/airnode-feed.example.json config/airnode-feed.json
- To copy the Airnode feed configuration from the
example. Note, the airnode-feed.json
file is ignored by git. If you are using Docker Desktop, you need to change
the URL from localhost to host.docker.internal
. For example:
"url": "http://host.docker.internal:8090"
cp config/secrets.example.env config/secrets.env
- To copy the secrets.env needed for the configuration. This file
is also ignored by git.
Set the NODARY_API_KEY
inside the secrets file. Ask someone from development team for the key.
cp .env.example .env
- To copy the example environment variables. Optionally change the defaults.
pnpm run dev
- To run the Airnode feed. This step assumes already running signed API as specified in the
airnode-feed.json
configuration.
To run the tests:
pnpm run test
# or to run test only from a specific files (path substring search)
pnpm run test schema
# or to enable logger (by default the logger is disabled by jest.setup.js).
LOGGER_ENABLED=true pnpm run test
You can use shorthands from package.json. To understand how the docker image is built, read the Dockerfile.
pnpm run docker:build
pnpm run docker:run
To deploy Airnode feed on AWS you can use the Cloud Formation template created by the API integrations team. The template can be found in the private api-integrations repository here.
To deploy on premise you can use the Docker image by reading the instructions below.
To run the Airnode feed docker image you need to:
/app/config
. The folder should contain the airnode-feed.json
and secrets.env
files.-it --init
flags to the docker run command. This is needed to ensure the docker is stopped gracefully. See
this for details.--env-file
with the path to the .env
file containing the ENV configuration.--rm
flag to remove the container after it is stopped.--network host
to access the host network. This has no effect for Docker
Desktop.localhost
to host.docker.internal
in the configuration files.For example:
# Assuming the current folder contains the "config" folder and ".env" file.
docker run -it --init --volume $(pwd)/config:/app/config --env-file .env --rm api3/airnode-feed:latest
FAQs
> A service for storing and accessing signed data.
We found that @api3/airnode-feed demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.