Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@cumulus/aws-client
Advanced tools
Utilities for working with AWS. These utilities can be used for interacting with live AWS services or Localstack. For ease of setup, testing, and credential management, code interacting with AWS services should use the helpers in this module.
⚠️ The documented API of this package will not change without a deprecation warning being provided in earlier releases. Code in this package that is not documented in this README may change without warning, and is not considered part of the package's public API.
npm install @cumulus/aws-client
To use these utilities with Localstack, make sure you have a running instance of Localstack and set this environment variable:
NODE_ENV=test
Class to efficiently search all of the items in a DynamoDB table, without loading them all into memory at once. Handles paging.
Class to efficiently list all of the objects in an S3 bucket, without loading them all into memory at once. Handles paging of listS3ObjectsV2 requests.
Class to use when interacting with S3
Promise.<CloudFormation.Stack>
Promise.<CloudFormation.StackResources>
Promise.<Object>
Promise.<CloudFormation.Stack>
Describes a given CloudFormation stack
Kind: inner method of CloudFormation
Returns: Promise.<CloudFormation.Stack>
- The resources belonging to the stack
Param | Type | Description |
---|---|---|
StackName | string | The name of the CloudFormation stack to query |
Promise.<CloudFormation.StackResources>
Describes the resources belonging to a given CloudFormation stack
See CloudFormation.StackResources
Kind: inner method of CloudFormation
Returns: Promise.<CloudFormation.StackResources>
- The resources belonging to the stack
Param | Type | Description |
---|---|---|
StackName | string | The name of the CloudFormation stack to query |
Promise.<Object>
Get parameter values for the given CloudFormation stack
Kind: inner method of CloudFormation
Returns: Promise.<Object>
- Object keyed by parameter names
Param | Type | Description |
---|---|---|
stackName | string | The name of the CloudFormation stack to query |
parameterKeys | Array.<string> | Key names for the stack parameters that you want to return |
Promise.<CloudWatchEvents.PutRuleResponse>
Create a CloudWatch Events rule
Kind: inner method of CloudwatchEvents
Param | Type | Description |
---|---|---|
name | string | the rule name |
schedule | string | a ScheduleExpression |
state | string | the state of the rule |
[description] | string | |
[role] | string | a Role ARN |
Promise.<Object>
Promise.<Object>
Promise.<Object>
Promise
Promise
Promise.<Object>
Call DynamoDb client get
See DocumentClient.get()
for descriptions of params
and the return data.
Kind: static property of DynamoDb
Throws:
RecordDoesNotExist
if a record cannot be foundParam | Type | Description |
---|---|---|
params | Object | |
params.tableName | string | Table name to read |
params.item | AWS.DynamoDB.DocumentClient.Key | Key identifying object to get |
params.client | AWS.DynamoDB.DocumentClient | Instance of a DynamoDb DocumentClient |
params.getParams | Object | Additional parameters for DocumentClient.get() |
Promise.<Object>
Call DynamoDb client scan
See DocumentClient.scan()
for descriptions of params
and the return data.
Kind: static property of DynamoDb
Param | Type |
---|---|
params | Object |
Promise.<Object>
Create a DynamoDB table and then wait for the table to exist
Kind: static method of DynamoDb
Returns: Promise.<Object>
- the output of the createTable call
Param | Type | Description |
---|---|---|
params | Object | the same params that you would pass to AWS.createTable See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html#createTable-property |
Promise
Delete a DynamoDB table and then wait for the table to not exist
Kind: static method of DynamoDb
Param | Type | Description |
---|---|---|
params | Object | the same params that you would pass to AWS.deleteTable See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html#deleteTable-property |
Promise
Do a parallel scan of DynamoDB table using a document client.
See https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Scan.html#Scan.ParallelScan. See DocumentClient.scan().
Kind: inner method of DynamoDb
Param | Type | Description |
---|---|---|
params | Object | |
params.totalSegments | number | Total number of segments to divide table into for parallel scanning |
params.scanParams | DocumentClient.ScanInput | Params for the DynamoDB client scan operation See https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Scan.html |
params.processItemsFunc | function | Function used to process returned items by scan |
[params.dynamoDbClient] | DocumentClient | Instance of Dynamo DB document client |
[params.retryOptions] | pRetry.Options | Retry options for scan operations |
Promise.<Object>
Promise.<string>
string
Promise.<Object>
Create a KMS key
See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/KMS.html#createKey-property for allowed params and return value.
Kind: inner method of KMS
Param | Type |
---|---|
params | Object |
Promise.<string>
Encrypt a string using KMS
Kind: inner method of KMS
Returns: Promise.<string>
- the Base 64 encoding of the encrypted value
Param | Type | Description |
---|---|---|
KeyId | string | the KMS key to use for encryption |
Plaintext | string | the string to be encrypted |
string
Decrypt a KMS-encrypted string, Base 64 encoded
Kind: inner method of KMS
Returns: string
- the plaintext
Param | Type | Description |
---|---|---|
ciphertext | string | a KMS-encrypted value, Base 64 encoded |
Promise.<Object>
Describe a Kinesis stream.
Kind: inner method of Kinesis
Returns: Promise.<Object>
- The stream description response
Param | Type | Description |
---|---|---|
params | Object | |
params.StreamName | string | A Kinesis stream name |
retryOptions | Object | Options passed to p-retry module |
Promise.<AWS.Lambda.InvocationResponse>
Invoke a Lambda function
Kind: static method of Lambda
Param | Type | Default | Description |
---|---|---|---|
name | string | Lambda function name | |
payload | any | the payload to the Lambda function | |
type | string | "Event" | the invocation type |
Promise
Promise
Promise
Promise.<AWS.S3.GetObjectTaggingOutput>
Promise
Promise
Promise
Promise.<Array>
string
Object
string
string
Promise.<boolean>
Promise.<undefined>
Promise
Promise
Promise.<string>
Promise.<(number|undefined)>
Promise.<AWS.S3.GetObjectOutput>
Promise.<AWS.S3.GetObjectOutput>
Promise.<string>
Promise.<*>
Readable
Promise
Promise
Promise
Promise
Promise
Promise.<boolean>
Array.<string>
Promise
Promise
Promise.<{etag: string}>
Promise.<undefined>
Delete an object from S3
Kind: static property of S3
Param | Type | Description |
---|---|---|
bucket | string | bucket where the object exists |
key | string | key of the object to be deleted promise of the object being deleted |
Promise
Get an object header from S3
Kind: static property of S3
Returns: Promise
- returns response from S3.headObject
as a promise
Param | Type | Description |
---|---|---|
Bucket | string | name of bucket |
Key | string | key for object (filepath + filename) |
retryOptions | Object | options to control retry behavior when an object does not exist. See https://github.com/tim-kos/node-retry#retryoperationoptions By default, retries will not be performed |
Put an object on S3
Kind: static property of S3
Param | Type | Description |
---|---|---|
params | Object | same params as https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#putObject-property promise of the object being put |
Promise
Copy an object from one location on S3 to another
Kind: static property of S3
Returns: Promise
- promise of the object being copied
Param | Type | Description |
---|---|---|
params | Object | same params as https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#putObject-property |
Promise
Upload data to S3
Note: This is equivalent to calling aws.s3().upload(params).promise()
Kind: static property of S3
Returns: Promise
- see S3.upload()
Param | Type | Description |
---|---|---|
params | Object | see S3.upload() |
Promise.<AWS.S3.GetObjectTaggingOutput>
Get object Tagging from S3
Kind: static property of S3
Returns: Promise.<AWS.S3.GetObjectTaggingOutput>
- the promised response from S3.getObjectTagging
Param | Type | Description |
---|---|---|
bucket | string | name of bucket |
key | string | key for object (filepath + filename) |
Promise
Puts object Tagging in S3 https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#putObjectTagging-property
Kind: static property of S3
Returns: Promise
- returns response from S3.getObjectTagging
as a promise
Param | Type | Description |
---|---|---|
Bucket | string | name of bucket |
Key | string | key for object (filepath + filename) |
Tagging | Object | tagging object |
Promise
Deprecated
Gets an object from S3.
Kind: static property of S3
Returns: Promise
- returns response from S3.getObject
as a promise
Param | Type | Description |
---|---|---|
Bucket | string | name of bucket |
Key | string | key for object (filepath + filename) |
retryOptions | Object | options to control retry behavior when an object does not exist. See https://github.com/tim-kos/node-retry#retryoperationoptions By default, retries will not be performed |
Promise
Delete a bucket and all of its objects from S3
Kind: static property of S3
Returns: Promise
- the promised result of S3.deleteBucket
Param | Type | Description |
---|---|---|
bucket | string | name of the bucket |
Promise.<Array>
Fetch complete list of S3 objects
listObjectsV2 is limited to 1,000 results per call. This function continues listing objects until there are no more to be fetched.
The passed params must be compatible with the listObjectsV2 call.
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#listObjectsV2-property
Kind: static method of S3
Returns: Promise.<Array>
- resolves to an array of objects corresponding to
the Contents property of the listObjectsV2 response
Param | Type | Description |
---|---|---|
params | Object | params for the s3.listObjectsV2 call |
string
Join strings into an S3 key without a leading slash
Kind: inner method of S3
Returns: string
- the full S3 key
Param | Type | Description |
---|---|---|
...args | string | Array.<string> | the strings to join |
Object
parse an s3 uri to get the bucket and key
Kind: inner method of S3
Returns: Object
- Returns an object with Bucket
and Key
properties
Param | Type | Description |
---|---|---|
uri | string | must be a uri with the s3:// protocol |
string
Given a bucket and key, return an S3 URI
Kind: inner method of S3
Returns: string
- an S3 URI
Param | Type | Description |
---|---|---|
bucket | string | an S3 bucket name |
key | string | an S3 key |
string
Convert S3 TagSet Object to query string e.g. [{ Key: 'tag', Value: 'value }] to 'tag=value'
Kind: inner method of S3
Returns: string
- tags query string
Param | Type | Description |
---|---|---|
tagset | Array.<Object> | S3 TagSet array |
Promise.<boolean>
Test if an object exists in S3
Kind: inner method of S3
Returns: Promise.<boolean>
- a Promise that will resolve to a boolean indicating
if the object exists
Param | Type | Description |
---|---|---|
params | Object | same params as https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#headObject-property |
Promise.<undefined>
Wait for an object to exist in S3
Kind: inner method of S3
Param | Type | Default | Description |
---|---|---|---|
params | Object | ||
params.bucket | string | ||
params.key | string | ||
[params.interval] | number | 1000 | interval before retries, in ms |
[params.timeout] | number | 30000 | timeout, in ms |
Promise
Upload a file to S3
Kind: inner method of S3
Param | Type | Description |
---|---|---|
bucket | string | the destination S3 bucket |
key | string | the destination S3 key |
filename | filename | the local file to be uploaded |
Promise
Upload data to S3 using a stream
We are not using s3.upload().promise()
due to errors observed in testing
with uncaught exceptions. By creating our own promise, we can ensure any
errors from the streams or upload cause this promise to reject.
Kind: inner method of S3
Param | Type | Description |
---|---|---|
uploadStream | Readable | Stream of data to upload |
uploadParams | Object | see S3.upload() |
Promise.<string>
Downloads the given s3Obj to the given filename in a streaming manner
Kind: inner method of S3
Returns: Promise.<string>
- returns filename if successful
Param | Type | Description |
---|---|---|
s3Obj | Object | The parameters to send to S3 getObject call |
filepath | string | The filepath of the file that is downloaded |
Promise.<(number|undefined)>
Get the size of an S3 object
Kind: inner method of S3
Returns: Promise.<(number|undefined)>
- object size, in bytes
Param | Type | Description |
---|---|---|
params | Object | |
params.bucket | string | |
params.key | string | |
params.s3 | AWS.S3 | an S3 client instance |
Promise.<AWS.S3.GetObjectOutput>
Gets an object from S3.
Kind: inner method of S3
Returns: Promise.<AWS.S3.GetObjectOutput>
- response from AWS.S3.getObject()
as a Promise
Param | Type | Description |
---|---|---|
s3Client | AWS.S3 | an AWS.S3 instance |
params | AWS.S3.GetObjectRequest | parameters object to pass through to AWS.S3.getObject() |
Example
const obj = await getObject(s3(), { Bucket: 'b', Key: 'k' })
Promise.<AWS.S3.GetObjectOutput>
Get an object from S3, waiting for it to exist and, if specified, have the correct ETag.
Kind: inner method of S3
Param | Type | Default |
---|---|---|
s3Client | AWS.S3 | |
params | AWS.S3.GetObjectRequest | |
[retryOptions] | pRetry.Options | {} |
Promise.<string>
Fetch the contents of an S3 object
Kind: inner method of S3
Returns: Promise.<string>
- the contents of the S3 object
Param | Type | Description |
---|---|---|
bucket | string | the S3 object's bucket |
key | string | the S3 object's key |
Promise.<*>
Fetch JSON stored in an S3 object
Kind: inner method of S3
Returns: Promise.<*>
- the contents of the S3 object, parsed as JSON
Param | Type | Description |
---|---|---|
bucket | string | the S3 object's bucket |
key | string | the S3 object's key |
Readable
Get a readable stream for an S3 object
Kind: inner method of S3
Param | Type | Description |
---|---|---|
params | Object | |
params.s3 | AWS.S3 | an AWS.S3 instance |
params.bucket | string | the bucket of the requested object |
params.key | string | the key of the requested object |
Promise
Check if a file exists in an S3 object
Kind: inner method of S3
Returns: Promise
- returns the response from S3.headObject
as a promise
Param | Type | Description |
---|---|---|
bucket | string | name of the S3 bucket |
key | string | key of the file in the S3 bucket |
Promise
Delete files from S3
Kind: inner method of S3
Returns: Promise
- A promise that resolves to an Array of the data returned
from the deletion operations
Param | Type | Description |
---|---|---|
s3Objs | Array | An array of objects containing keys 'Bucket' and 'Key' |
Promise
Delete a list of buckets and all of their objects from S3
Kind: inner method of S3
Returns: Promise
- the promised result of S3.deleteBucket
Param | Type | Description |
---|---|---|
buckets | Array | list of bucket names |
Promise
Upload the file associated with the given stream to an S3 bucket
Kind: inner method of S3
Returns: Promise
- A promise
Param | Type | Description |
---|---|---|
fileStream | ReadableStream | The stream for the file's contents |
bucket | string | The S3 bucket to which the file is to be uploaded |
key | string | The key to the file in the bucket |
s3opts | Object | Options to pass to the AWS sdk call (defaults to {} ) |
Promise
List the objects in an S3 bucket
Kind: inner method of S3
Returns: Promise
- A promise that resolves to the list of objects. Each S3
object is represented as a JS object with the following attributes: Key
,
ETag
, LastModified
, Owner
, Size
, StorageClass
.
Param | Type | Default | Description |
---|---|---|---|
bucket | string | The name of the bucket | |
prefix | string | Only objects with keys starting with this prefix will be included (useful for searching folders in buckets, e.g., '/PDR') | |
skipFolders | boolean | true | If true don't return objects that are folders (defaults to true) |
Calculate the cryptographic hash of an S3 object
Kind: inner method of S3
Param | Type | Description |
---|---|---|
params | Object | |
params.s3 | AWS.S3 | an AWS.S3 instance |
params.algorithm | string | cksum , or an algorithm listed in openssl list -digest-algorithms |
params.bucket | string | |
params.key | string |
Promise.<boolean>
Validate S3 object checksum against expected sum
Kind: inner method of S3
Returns: Promise.<boolean>
- returns true for success
Throws:
InvalidChecksum
- Throws error if validation failsParam | Type | Description |
---|---|---|
params | Object | params |
params.algorithm | string | checksum algorithm |
params.bucket | string | S3 bucket |
params.key | string | S3 key |
params.expectedSum | number | string | expected checksum |
[params.options] | Object | crypto.createHash options |
Array.<string>
Extract the S3 bucket and key from the URL path parameters
Kind: inner method of S3
Returns: Array.<string>
- [Bucket, Key]
Param | Type | Description |
---|---|---|
pathParams | string | path parameters from the URL bucket/key in the form of |
Promise
Create an S3 bucket
Kind: inner method of S3
Param | Type | Description |
---|---|---|
Bucket | string | the name of the S3 bucket to create |
Promise
Create multiple S3 buckets
Kind: inner method of S3
Param | Type | Description |
---|---|---|
buckets | Array.<string> | the names of the S3 buckets to create |
Promise.<{etag: string}>
Copy an S3 object to another location in S3 using a multipart copy
Kind: inner method of S3
Returns: Promise.<{etag: string}>
- object containing the ETag of the
destination object
Param | Type | Default | Description |
---|---|---|---|
params | Object | ||
params.sourceBucket | string | ||
params.sourceKey | string | ||
params.destinationBucket | string | ||
params.destinationKey | string | ||
[params.sourceObject] | AWS.S3.HeadObjectOutput | Output from https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#headObject-property | |
[params.ACL] | string | an S3 Canned ACL | |
[params.copyTags] | boolean | false |
Promise.<undefined>
Move an S3 object to another location in S3
Kind: inner method of S3
Param | Type | Default | Description |
---|---|---|---|
params | Object | ||
params.sourceBucket | string | ||
params.sourceKey | string | ||
params.destinationBucket | string | ||
params.destinationKey | string | ||
[params.ACL] | string | an S3 Canned ACL | |
[params.copyTags] | boolean | false |
Promise.<undefined>
Publish a message to an SNS topic. Does not catch errors, to allow more specific handling by the caller.
Kind: inner method of SNS
Param | Type | Description |
---|---|---|
snsTopicArn | string | SNS topic ARN |
message | Object | Message object |
retryOptions | Object | options to control retry behavior when publishing a message fails. See https://github.com/tim-kos/node-retry#retryoperationoptions |
Promise
Promise
Promise.<string>
Promise.<Array>
Promise.<boolean>
Promise
Send a message to AWS SQS
Kind: static property of SQS
Returns: Promise
- resolves when the messsage has been sent
Param | Type | Description |
---|---|---|
queueUrl | string | url of the SQS queue |
message | string | Object | either string or object message. If an object it will be serialized into a JSON string. |
[logOverride] | Logger | optional Logger passed in for testing |
Promise
Delete a given SQS message from a given queue.
Kind: static property of SQS
Returns: Promise
- an AWS SQS response
Param | Type | Description |
---|---|---|
queueUrl | string | url of the SQS queue |
receiptHandle | integer | the unique identifier of the sQS message |
Promise.<string>
Create an SQS Queue. Properly handles localstack queue URLs
Kind: static method of SQS
Returns: Promise.<string>
- the Queue URL
Param | Type | Description |
---|---|---|
QueueName | string | queue name |
Promise.<Array>
Receives SQS messages from a given queue. The number of messages received can be set and the timeout is also adjustable.
Kind: inner method of SQS
Returns: Promise.<Array>
- an array of messages
Param | Type | Default | Description |
---|---|---|---|
queueUrl | string | url of the SQS queue | |
options | Object | options object | |
[options.numOfMessages] | integer | 1 | number of messages to read from the queue |
[options.visibilityTimeout] | integer | 30 | number of seconds a message is invisible after read |
[options.waitTimeSeconds] | integer | 0 | number of seconds to poll SQS queue (long polling) |
Promise.<boolean>
Test if an SQS queue exists
Kind: inner method of SQS
Returns: Promise.<boolean>
- - a Promise that will resolve to a boolean indicating
if the queue exists
Param | Type | Description |
---|---|---|
queueUrl | Object | queue url |
Promise.<Object>
Promise.<Object>
Promise.<Object>
Promise.<Object>
Promise.<boolean>
Promise.<Object>
Call StepFunctions DescribeExecution
See StepFunctions.describeExecution()
for descriptions of params
and the return data.
If a ThrottlingException is received, this function will retry using an exponential backoff.
Kind: static method of StepFunctions
Param | Type |
---|---|
params | Object |
Promise.<Object>
Call StepFunctions DescribeStateMachine
See StepFunctions.describeStateMachine()
for descriptions of params
and the return data.
If a ThrottlingException is received, this function will retry using an exponential backoff.
Kind: static method of StepFunctions
Param | Type |
---|---|
params | Object |
Promise.<Object>
Call StepFunctions GetExecutionHistory
See StepFunctions.getExecutionHistory()
for descriptions of params
and the return data.
If a ThrottlingException is received, this function will retry using an exponential backoff.
Kind: static method of StepFunctions
Param | Type |
---|---|
params | Object |
Promise.<Object>
Call StepFunctions ListExecutions
See StepFunctions.listExecutions()
for descriptions of params
and the return data.
If a ThrottlingException is received, this function will retry using an exponential backoff.
Kind: static method of StepFunctions
Param | Type |
---|---|
params | Object |
Promise.<boolean>
Check if a Step Function Execution exists
If a ThrottlingException is received, this function will retry using an exponential backoff.
Kind: inner method of StepFunctions
Param | Type | Description |
---|---|---|
executionArn | string | the ARN of the Step Function Execution to check for |
Class to efficiently search all of the items in a DynamoDB table, without loading them all into memory at once. Handles paging.
Kind: global class
Promise.<Array>
Drain all values from the searchQueue, and return to the user. Warning: This can be very memory intensive.
Kind: instance method of DynamoDbSearchQueue
Returns: Promise.<Array>
- array of search results.
Promise.<Object>
View the next item in the queue
This does not remove the object from the queue. When there are no more items in the queue, returns 'null'.
Kind: instance method of DynamoDbSearchQueue
Returns: Promise.<Object>
- an item from the DynamoDB table
Promise.<Object>
Remove the next item from the queue
When there are no more items in the queue, returns 'null'.
Kind: instance method of DynamoDbSearchQueue
Returns: Promise.<Object>
- an item from the DynamoDB table
Class to efficiently list all of the objects in an S3 bucket, without loading them all into memory at once. Handles paging of listS3ObjectsV2 requests.
Kind: global class
Promise.<Object>
View the next item in the queue
This does not remove the object from the queue. When there are no more items in the queue, returns 'null'.
Kind: instance method of S3ListObjectsV2Queue
Returns: Promise.<Object>
- an S3 object description
Promise.<Object>
Remove the next item from the queue
When there are no more items in the queue, returns 'null'.
Kind: instance method of S3ListObjectsV2Queue
Returns: Promise.<Object>
- an S3 object description
Class to use when interacting with S3
Kind: global class
Promise.<string>
Promise.<string>
Promise.<string>
Returns an HTTPS URL that can be used to perform a GET on the given object store URL
Kind: instance method of S3ObjectStore
Returns: Promise.<string>
- a signed URL
Throws:
Param | Type | Description |
---|---|---|
objectUrl | string | the URL of the object to sign |
[options] | string | options to pass to S3.getObject |
[queryParams] | string | a mapping of parameter key/values to put in the URL |
Promise.<string>
Returns an HTTPS URL that can be used to perform a HEAD on the given object store URL
Kind: instance method of S3ObjectStore
Returns: Promise.<string>
- a signed URL
Throws:
Param | Type | Description |
---|---|---|
objectUrl | string | the URL of the object to sign |
[options] | string | options to pass to S3.getObject |
[queryParams] | string | a mapping of parameter key/values to put in the URL |
Cumulus is a cloud-based data ingest, archive, distribution and management prototype for NASA's future Earth science data streams.
To make a contribution, please see our contributing guidelines.
Generated automatically using npm run build-docs
FAQs
Utilities for working with AWS
We found that @cumulus/aws-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.