![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@aws-cdk/region-info
Advanced tools
Readme
Some information used in CDK Applications differs from one AWS region to another, such as service principals used in IAM policies, S3 static website endpoints, ...
RegionInfo
classThe library offers a simple interface to obtain region specific information in
the form of the RegionInfo
class. This is the preferred way to interact with
the regional information database:
// Get the information for "eu-west-1":
const region = regionInfo.RegionInfo.get('eu-west-1');
// Access attributes:
region.s3StaticWebsiteEndpoint; // s3-website-eu-west-1.amazonaws.com
region.servicePrincipal('logs.amazonaws.com'); // logs.eu-west-1.amazonaws.com
The RegionInfo
layer is built on top of the Low-Level API, which is described
below and can be used to register additional data, including user-defined facts
that are not available through the RegionInfo
interface.
This library offers a primitive database of such information so that CDK
constructs can easily access regional information. The FactName
class provides
a list of known fact names, which can then be used with the RegionInfo
to
retrieve a particular value:
const codeDeployPrincipal = regionInfo.Fact.find('us-east-1', regionInfo.FactName.servicePrincipal('codedeploy.amazonaws.com'));
// => codedeploy.us-east-1.amazonaws.com
const staticWebsite = regionInfo.Fact.find('ap-northeast-1', regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT);
// => s3-website-ap-northeast-1.amazonaws.com
As new regions are released, it might happen that a particular fact you need is
missing from the library. In such cases, the Fact.register
method can be used
to inject FactName into the database:
class MyFact implements regionInfo.IFact {
public readonly region = 'bermuda-triangle-1';
public readonly name = regionInfo.FactName.servicePrincipal('s3.amazonaws.com');
public readonly value = 's3-website.bermuda-triangle-1.nowhere.com';
}
regionInfo.Fact.register(new MyFact());
In the event information provided by the library is incorrect, it can be
overridden using the same Fact.register
method demonstrated above, simply
adding an extra boolean argument:
class MyFact implements regionInfo.IFact {
public readonly region = 'us-east-1';
public readonly name = regionInfo.FactName.servicePrincipal('service.amazonaws.com');
public readonly value = 'the-correct-principal.amazonaws.com';
}
regionInfo.Fact.register(new MyFact(), true /* Allow overriding information */);
If you happen to have stumbled upon incorrect data built into this library, it is always a good idea to report your findings in a GitHub issue, so we can fix it for everyone else!
This module is part of the AWS Cloud Development Kit project.
FAQs
Unknown package
The npm package @aws-cdk/region-info receives a total of 198,690 weekly downloads. As such, @aws-cdk/region-info popularity was classified as popular.
We found that @aws-cdk/region-info demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.