
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@beyondessential/tupaia-access-policy
Advanced tools
Methods for parsing the access policy that is received by Tupaia projects during authentication.
Helper for determining whether a particular resource is accessible as defined by the access policy.
// Returns whether or not the access policy grants access to DL_North area within DL for surveys at a Donor level.
hasAccess(accessPolicy, 'surveys', ['DL', 'DL_North'], 'Donor');
// Returns whether or not the access policy grants access to Reports for DL at any level.
hasAccess(accessPolicy, 'reports', ['DL']);
{
"permissions": {
"surveys": {
"_items": {
"Country": {
"_access": {
"Permission Group": bool
},
"_items": {
"Region": {
"_access": {
"Permission Group": bool
},
"Region": {
"_access": {
"Permission Group": bool
}
},
"_items": {
"Facility": {
"_access": {
"Permission Group": bool
},
}
}
}
}
}
}
},
"reports": {
"_items": {
"Country": {
"_access": {
"Permission Group": bool
},
"_items": {
"Region": {
"_access": {
"Permission Group": bool
},
"Region": {
"_access": {
"Permission Group": bool
}
},
"_items": {
"Facility": {
"_access": {
"Permission Group": bool
},
}
}
}
}
}
}
}
}
};
User can have permission entries for countries, regions, sub-regions and facilities. If a user has the Admin permission group for a country, they will have Admin permissions for all children of that country. A child can override a parent permission, which will also override the permission for it's own children.
Use the command npm run test
.
Edit files in src and run npm run build
to create a new version that's able to be imported by other projects. Commit files from the dist files along with source files.
FAQs
Methods for parsing Tupaia access policy
The npm package @beyondessential/tupaia-access-policy receives a total of 660 weekly downloads. As such, @beyondessential/tupaia-access-policy popularity was classified as not popular.
We found that @beyondessential/tupaia-access-policy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.