
@cto.ai/ops-ctrl-account
cto.ai account management library
JWT-based identity and access management
This is a native ESM module.
account(opts) => instance
Options:
- realm - auth server realm name
- url - auth server URL
- id - client id
- pages - an object that must contain the following properties: signup, signin, error. Each must hold a Buffer instance, containing HTML to redirect a user's browser after a user has registered, logged in or if there was an error, respectively.
- backend (default: false) - backend mode, limited API. Only functionality that doesn't rely on client-side browser interactions is supplied: refresh, signout and signin, where signin must be passed user and password. Pages are not required when backend is true.
Tokens objects:
Much of the API either accepts or outputs tokens. A tokens object has the following shape:
{
accessToken: string
refreshToken: string
idToken: string
sessionState: string
}
instance.signup() => Promise => tokens
Opens the default browser to the registration URL and supplies tokens once the registration process has been completed in the browser.
instance.signin(opts) => Promise => tokens
Triggers a browser-based login flow or logs in with a given username and password.
If both user and password options are supplied, these credentials will be exchanged for tokens. Otherwise, opens the default browser to the login URL and supplies tokens when the login process has been completed in the browser.
Options:
- user - Optional - username
- password - Optional - password
instance.refresh(tokens) => Promise => tokens
Accepts a tokens object and fetches fresh tokens.
instance.signout(tokens) => Promise
Invalidates the tokens passed.
instance.reset(opts)
Will open a browser at a Keycloak password reset URL, which differs based on the signedIn option.
Options:
- signedIn (boolean), Default: false - If true, the browser will open to the logged-in account's password page. If false, it will open to the reset credentials page.
instance.validate(tokens) => boolean
accounts.validate(tokens) => boolean
Checks whether tokens.refreshToken has expired. If it has, validate returns true, otherwise false.
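An added example, not the package's own code, of how a client-side expiry check on tokens.refreshToken can work. It assumes the refresh token is a compact JWT with a numeric exp claim in seconds; refreshTokenExpired, decodeJwtPayload and makeSampleJwt are hypothetical names. The payload is decoded without verifying the signature, so the result is only a local hint and the auth server remains the authority when the token is actually presented.

```javascript
// Added example (not the package's code). Assumes the refresh token is a JWT
// whose payload carries a numeric `exp` claim in seconds since the epoch.

// Decode the payload segment of a compact JWT WITHOUT verifying its signature.
function decodeJwtPayload (jwt) {
  if (typeof jwt !== 'string') throw new TypeError('token must be a string')
  const parts = jwt.split('.')
  if (parts.length !== 3) throw new Error('not a compact JWT')
  // base64url -> base64; Node's decoder tolerates the missing padding
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/')
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'))
}

// Hypothetical helper: returns true when tokens.refreshToken has expired,
// matching the true-means-expired convention described above.
// `skewSeconds` treats a token that is about to expire as already expired.
function refreshTokenExpired (tokens, nowMs = Date.now(), skewSeconds = 30) {
  let payload
  try {
    payload = decodeJwtPayload(tokens && tokens.refreshToken)
  } catch (err) {
    return true // unreadable token: fail closed and force a new sign-in
  }
  // No usable expiry claim: fail closed rather than assume it never expires.
  if (!payload || typeof payload.exp !== 'number') return true
  return payload.exp - skewSeconds <= Math.floor(nowMs / 1000)
}

// Builds a constructed, unsigned sample token for illustration only.
function makeSampleJwt (claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.`
}
```

Failing closed on a malformed or claim-less token means the caller falls back to a fresh signin instead of sending an unusable token to refresh.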
Test:
npm test
Visual coverage report (run after test):
npm run cov
Lint:
npm run lint
Autoformat:
npm run lint -- --fix
For mainline releases:
npm version <major|minor|patch>
git push --follow-tags
For prereleases:
npm version prerelease
git push --follow-tags
MIT
FAQs
cto.ai account management library
The npm package @cto.ai/ops-ctrl-account receives a total of 1 weekly downloads. As such, @cto.ai/ops-ctrl-account popularity was classified as not popular.
We found that @cto.ai/ops-ctrl-account demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.