![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@aws-cdk/aws-codeguruprofiler
Advanced tools
Readme
Amazon CodeGuru Profiler collects runtime performance data from your live applications, and provides recommendations that can help you fine-tune your application performance.
Import to your project:
import * as codeguruprofiler from '@aws-cdk/aws-codeguruprofiler';
Here's how to setup a profiling group and give your compute role permissions to publish to the profiling group to the profiling agent can publish profiling information:
// The execution role of your application that publishes to the ProfilingGroup via CodeGuru Profiler Profiling Agent. (the following is merely an example)
const publishAppRole = new iam.Role(this, 'PublishAppRole', {
assumedBy: new iam.AccountRootPrincipal(),
});
const profilingGroup = new codeguruprofiler.ProfilingGroup(this, 'MyProfilingGroup');
profilingGroup.grantPublish(publishAppRole);
Code Guru Profiler supports multiple compute environments.
They can be configured when creating a Profiling Group by using the computePlatform
property:
const profilingGroup = new codeguruprofiler.ProfilingGroup(this, 'MyProfilingGroup', {
computePlatform: codeguruprofiler.ComputePlatform.AWS_LAMBDA,
});
FAQs
Unknown package
The npm package @aws-cdk/aws-codeguruprofiler receives a total of 94,395 weekly downloads. As such, @aws-cdk/aws-codeguruprofiler popularity was classified as popular.
We found that @aws-cdk/aws-codeguruprofiler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.