
@crate.io/cs-auth-adapter
UI Auth Adapter (Mobile & Web)
.. topic:: Overview

   The `Crate Solutions Auth Adapter` is a library installed via `npm`. The library's sole function is the management
   of the `authentication` process in frontend applications. This management includes acquisition of `tokens` as well
   as storage and periodic refreshing.

.. topic:: How does it work?

   The library exposes a dedicated function for each application type, as different `local storage` systems are in use
   for `mobile` and `browser` based applications. The repository is hosted on `github packages`. The `use` function
   returns the `authorize_token` to be used as a `Bearer` token in `API` requests. Moreover, the same token is saved
   in `session` or `async` storage.

   An `env` variable needs to be set for the keycloak adapter, `UI_KEYCLOAK_ADAPTER`, and for the client id, `UI_KEYCLOAK_CLIENT_ID`.

   Refresh tokens expire in `30` minutes. The adapter manages this by requesting a new token at `29` minutes.

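The refresh timing described above, as an added example that is not code from cs-auth-adapter: it derives the 29-minute refresh point from the token response instead of a fixed timer, and handles a timer that fires late. It assumes the Keycloak token response field `refresh_expires_in`; the function names, the lead time and the sample values are hypothetical.

```javascript
// Added example, not part of cs-auth-adapter. Response field names follow the
// Keycloak token response; LEAD_SECONDS, planRefresh, nextAction and
// applyAction are assumptions made for this illustration.
const LEAD_SECONDS = 60; // request a new token one minute before expiry

// Build a refresh plan from a token response received at `receivedAtMs`.
function planRefresh(tokenResponse, receivedAtMs, leadSeconds = LEAD_SECONDS) {
  const { access_token, refresh_token, refresh_expires_in } = tokenResponse;
  if (typeof access_token !== 'string' || typeof refresh_token !== 'string') {
    throw new TypeError('token response is missing access_token or refresh_token');
  }
  if (!Number.isFinite(refresh_expires_in) || refresh_expires_in <= leadSeconds) {
    throw new RangeError('refresh_expires_in must exceed the lead time');
  }
  return {
    authorization: `Bearer ${access_token}`,
    refreshAtMs: receivedAtMs + (refresh_expires_in - leadSeconds) * 1000,
    expiresAtMs: receivedAtMs + refresh_expires_in * 1000,
  };
}

// Decide what to do at `nowMs`. Timers run late when a tab is throttled or a
// device sleeps, so the decision is made against wall-clock time, not the timer.
function nextAction(plan, nowMs) {
  if (nowMs >= plan.expiresAtMs) return { action: 'reauthenticate', delayMs: 0 };
  if (nowMs >= plan.refreshAtMs) return { action: 'refresh', delayMs: 0 };
  return { action: 'wait', delayMs: plan.refreshAtMs - nowMs };
}

// Apply the decision to a sessionStorage-like store: an expired token is
// removed rather than left readable after its lifetime.
function applyAction(storage, key, plan, nowMs) {
  const step = nextAction(plan, nowMs);
  if (step.action === 'reauthenticate') storage.removeItem(key);
  return step;
}

// Constructed sample response (placeholder strings, not real tokens).
const sample = {
  access_token: 'aaa.bbb.ccc',
  refresh_token: 'ddd.eee.fff',
  expires_in: 300,
  refresh_expires_in: 1800, // 30 minutes
};
```
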
**Installation**

.. code-block:: bash

   npm i --save cs-auth-adapter

**Web Apps**

Tokens can be generated in two ways: either by passing an existing `keycloak` `access_token` string or by passing a
username and password. If a token is passed, one needs to pass the `clientId`. Unused arguments should be
passed as `null`. The base URL should be environment specific.

.. code-block:: javascript

   import { useWebAuthAdapter } from 'cs-auth-adapter';

   // Option 1: pass an existing keycloak access_token (clientID is required)
   const authToken = await useWebAuthAdapter(token, null, baseURL, clientID);

   // Option 2: pass a username and password instead (use in place of option 1)
   // const authToken = await useWebAuthAdapter(null, credentials, baseURL);

**Mobile Apps**

Tokens are generated by passing credentials generated from the `keycloak` master admin panel.

.. code-block:: javascript

   import { useMobileAuthAdapter } from 'cs-auth-adapter';

   // AsyncStorage is the app's async storage, where the adapter saves the token
   const authToken = await useMobileAuthAdapter(AsyncStorage, credentials, baseURL);

FAQs
Crate Solutions Auth Adapter
We found that @crate.io/cs-auth-adapter demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.