Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@casual-simulation/aux-vm
Advanced tools
A set of abstractions required to securely run an AUX.
npm install @casual-simulation/aux-vm
TODO:
V0.9.32
onDropInContext()
, onAnyDropInContext()
, onDropInInventory()
, onAnyDropInInventory()
, onDragOutOfContext()
, onAnyDragOutOfContext()
, onDragOutOfInventory()
and onAnyDragOutOfInventory()
to onBotDrop()
, onAnyBotDrop()
, onBotDrag()
, onAnyBotDrag()
.aux.context.inventory.height
from 0 to 1 to instead be 1 to 10 defining the default number of rows to view in the inventory on page load.DIRECTORY_TOKEN_SECRET
and DIRECTORY_WEBHOOK
environment variables.DIRECTORY_TOKEN_SECRET
environmenv variable is not specified, then the directory API will not be enabled.DIRECTORY_TOKEN_SECRET
.DIRECTORY_WEBHOOK
variable specifies the URL that updated entry information should be POSTed to.
key
: The key/hash that the uniquely identifies the AUX that was updated.externalIpAddress
: The external (public facing) IP Address that the AUX is using.internalIpAddress
: The internal (non-public facing) IP Address that the AUX is using.GET /api/directory
PUT /api/directory
key
: The unique key identifying the AUXPlayer. Recommended to use a hash of the MAC address and hostname.privateIpAddress
: The local network IP Address that has been assigned to the AUXPlayer.publicName
: The name that can be shown to other users publicly.password
: The password that is required to update the record. If this is the first request for the key
then the password will be saved such that the record can only be updated in the future when given the same password.aux.context.player.rotation.x
and aux.context.player.rotation.y
from one another to let the user only need to fill in one of the fields for player's initial rotation to work.FAQs
A set of abstractions required to securely run an AUX.
The npm package @casual-simulation/aux-vm receives a total of 77 weekly downloads. As such, @casual-simulation/aux-vm popularity was classified as not popular.
We found that @casual-simulation/aux-vm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.