Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@cumulus/common
Advanced tools
Common libraries used in Cumulus.
npm install @cumulus/common
Cumulus is a cloud-based data ingest, archive, distribution and management prototype for NASA's future Earth science data streams.
To make a contribution, please see our contributing guidelines.
[v1.23.2] 2020-05-22
Updates to the Cumulus archive API:
401
response instead of a 403
for any request where the JWT passed as a Bearer token is invalid./refresh
and DELETE /token/<token>
endpoints now return a 401
response for requests with expired tokensCUMULUS-1894
@cumulus/ingest/granule.handleDuplicateFile()
copyOptions
parameter has been removedACL
parameter has been added@cumulus/ingest/granule.renameS3FileWithTimestamp()
undefined
CUMULUS-1896 Updated all Cumulus core lambdas to utilize the new message adapter streaming interface via cumulus-message-adapter-js v1.2.0. Users of this version of Cumulus (or later) must utilize version 1.3.0 or greater of the cumulus-message-adapter to support core lambdas.
CUMULUS-1912
@cumulus/api
reconciliationReports list endpoint returns a list of reconciliationReport records instead of S3Uri.CUMULUS-1969
DiscoverGranules
task now expects provider_path
to be provided at
event.config.provider_path
, not event.config.collection.provider_path
config.provider_path
is now a required parameter of the DiscoverGranules
taskTo take advantage of the new TTL-based access token expiration implemented in CUMULUS-1777 (see notes below) and clear out existing records in your access tokens table, do the following:
<prefix>-AccessTokensTable
DynamoDB tabledata-persistence
module, which should re-create the <prefix>-AccessTokensTable
DynamoDB tableThis release requires the Cumulus Message Adapter layer deployed with Cumulus Core to be at least 1.3.0, as the core lambdas have updated to cumulus-message-adapter-js v1.2.0 and the new CMA interface. As a result, users should:
cumulus-message-adapter-js
, you must update your lambda to use cumulus-message-adapter-js v1.2.0 and follow the migration instructions in the release notes. Prior versions of cumulus-message-adapter-js
are not compatible with CMA >= 1.3.0.Migrate existing s3 reconciliation report records to database (CUMULUS-1911):
data persistence
module and Cumulus resources, run the command:./node_modules/.bin/cumulus-api migrate --stack `<your-terraform-deployment-prefix>` --migrationVersion migration5
Added a limit for concurrent Elasticsearch requests when doing an index from database operation
Added the es_request_concurrency
parameter to the archive and cumulus Terraform modules
CUMULUS-1995
es_index_shards
parameter to the archive and cumulus Terraform modules to configure the number of shards for the ES index
CUMULUS-1894
@cumulus/aws-client/S3.moveObject()
CUMULUS-1911
@cumulus/api
package, tf-modules/archive
and tf-modules/data-persistence
Terraform modulesCUMULUS-1916
expirationTime
property is now a required field of the access tokens model.AccessTokens
table to set a TTL on the expirationTime
field in tf-modules/data-persistence/dynamo.tf
. As a result, access token records in this table whose expirationTime
has passed should be automatically deleted by DynamoDB.AccessTokens
table to set the expirationTime
field value in seconds from the epoch.@cumulus/api-client/reconciliationReports
@cumulus/common/util.deprecate()
so that only a single deprecation notice is printed for each name/version combinationSyncGranule
task can now handle files larger than 5 GBRemove granule from CMR
operation in @cumulus/api
now passes token to CMR when fetching granule metadata, allowing removal of private granulessqs-message-consumer
Lambda will now only schedule workflows for rules matching the queue and the collection information in each queue message (if any)
CUMULUS-1894
@cumulus/ingest/granule.copyGranuleFile()
@cumulus/ingest/granule.moveGranuleFile()
CUMULUS-1987 - Deprecated the following functions:
@cumulus/cmrjs/getMetadata(cmrLink)
-> @cumulus/cmr-client/CMR.getGranuleMetadata(cmrLink)
@cumulus/cmrjs/getFullMetadata(cmrLink)
FAQs
Common utilities used across tasks
The npm package @cumulus/common receives a total of 210 weekly downloads. As such, @cumulus/common popularity was classified as not popular.
We found that @cumulus/common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.