Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@cnpmjs/binding
Advanced tools
This project was bootstrapped by create-neon.
Installing rapid binding requires a supported version of Node and Rust.
You can install the project with npm. In the project directory, run:
$ npm install
This fully installs the project, including installing any dependencies and running the build.
If you have already installed the project and only want to run the build, run:
$ npm run build
This command uses the cargo-cp-artifact utility to run the Rust build and copy the built library into ./index.node
.
After building rapid binding, you can explore its exports at the Node REPL:
$ npm install
$ node
> require('.').hello()
"hello node"
In the project directory, you can run:
npm install
Installs the project, including running npm run build
.
npm build
Builds the Node addon (index.node
) from source.
Additional cargo build
arguments may be passed to npm build
and npm build-*
commands. For example, to enable a cargo feature:
npm run build -- --feature=beetle
npm build-debug
Alias for npm build
.
npm build-release
Same as npm build
but, builds the module with the release
profile. Release builds will compile slower, but run faster.
npm test
Runs the unit tests by calling cargo test
. You can learn more about adding tests to your Rust code from the Rust book.
The directory structure of this project is:
binding/
├── Cargo.toml
├── README.md
├── index.node
├── package.json
├── src/
| └── lib.rs
└── target/
The Cargo manifest file, which informs the cargo
command.
This file.
The Node addon—i.e., a binary Node module—generated by building the project. This is the main module for this package, as dictated by the "main"
key in package.json
.
Under the hood, a Node addon is a dynamically-linked shared object. The "build"
script produces this file by copying it from within the target/
directory, which is where the Rust build produces the shared object.
The npm manifest file, which informs the npm
command.
The directory tree containing the Rust source code for the project.
The Rust library's main module.
Binary artifacts generated by the Rust build.
To learn more about Neon, see the Neon documentation.
To learn more about Rust, see the Rust documentation.
To learn more about Node, see the Node documentation.
FAQs
downloader binding
The npm package @cnpmjs/binding receives a total of 1 weekly downloads. As such, @cnpmjs/binding popularity was classified as not popular.
We found that @cnpmjs/binding demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.