Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@datagraphics/delivery
Advanced tools
Changelog
[0.6.0] - 2020-06-18
Delivery
can now be passed a shouldBeCached
function to customize the logic that selects files to receive long-lived cache headers. This function is passed a single parameter — the input file path — and should return true
or false
..topojson
files will now get the content header of application/json
thanks to a custom type addition to mime
.mime
instead of mime-types
. It's smaller and makes it easy to add custom types.hasha
's breaking changes in a minor release.maxAgeOverride
is now cacheControlOverride
and expects you to provide the full string, not just the seconds for max-age=
.public, max-age=31536000, immutable
value. Files that match the text/html
content type will instead get an explicit no-cache
header. Files that do not pass either test get nothing and are at the mercy of upstream decisions.Readme
@datagraphics/delivery
is a way to push and pull assets to and from S3 the Data Graphics way!
@datagraphics/delivery
is available via npm
.
npm install -D @datagraphics/delivery
TK TK
Extends EventEmitter
The base class for @datagraphics/delivery. Create an instance of Delivery to set an interface with S3.
options
{bucket: string, basePath: string?, useAccelerateEndpoint: boolean?, shouldBeCached: function (path: string): boolean?}
options.bucket
The bucket on S3 to interact withoptions.basePath
A pre-defined base path for all interactions with S3.
Useful for establishing the slug or prefix of an upload. (optional, default ''
)options.useAccelerateEndpoint
If true, use the Accelerate endpoint (optional, default false
)options.shouldBeCached
A function used to determine whether a file
should receive long-lived cache headers. (optional, default defaultShouldBeCached
)const delivery = new Delivery({
bucket: 'apps.thebignews.com',
basePath: 'our-great-project',
});
Uploads a single file to S3.
file
string The path to the file to uploadpath
string Where to upload the file relative to the base pathoptions
{isPublic: boolean?, shouldCache: boolean?, cacheControlOverride: string?} (optional, default {}
)
options.isPublic
Whether a file should be made public or not on upload (optional, default false
)options.shouldCache
Whether a file should have cache headers applied (optional, default false
)options.cacheControlOverride
A custom Cache-Control value that will
override the built-in lookup if
shouldCache is trueconst result = await delivery.uploadFile(
'./data/counties.json', // path to the file on local drive
'counties.json', // the key to give the file in S3, combined with `basePath`
{
isPublic: true,
}
);
Returns Promise<UploadOutput>
Upload a directory of files to S3.
dir
string The directory to upload to S3options
{prefix: string?, isPublic: boolean?, shouldCache: boolean?, cacheControlOverride: string?} (optional, default {}
)
options.prefix
The prefix to add to the uploaded file's path (optional, default ''
)options.isPublic
Whether all files uploaded should be made public (optional, default false
)options.shouldCache
Whether all files uploaded should get cache headers (optional, default false
)options.cacheControlOverride
A custom Cache-Control value that will
override the built-in lookup if
shouldCache is trueconst result = await delivery.uploadFiles(
'./dist/', // path to the directory on local drive to upload
{
isPublic: true,
prefix: 'output', // the key prefix to combine with `basePath`
}
);
Downloads a file from S3 to the local disk.
path
string The path to the file to downloaddest
string Where to put the file on the local diskoptions
{s3ETag: string?} (optional, default {}
)
options.s3ETag
If the ETag from S3 is already known, it can be provided hereconst result = await delivery.downloadFile(
'output/data.json', // key of file on S3 to download
'./downloaded/data.json', // where to download the file to the local drive
);
Downloads multiple files from a prefix on S3.
prefix
string The prefix to the directory on S3 to download fromdir
string Where to put all the files on the local diskconst result = await delivery.downloadFiles(
'production', // the key of the directory on S3 to download from
'./downloaded/', // where to download the files to the local drive
);
These represent the output objects from Delivery's commands.
What downloadFile and downloadFiles returns.
The file's path on S3.
Type: string
Whether the file was identical on S3 or locally and was skipped.
Type: boolean
What uploadFile and uploadFiles returns.
The file's ETag.
Type: string
The file's path on S3.
Type: string
Whether the file was identical on S3 or locally and was skipped.
Type: boolean
This file was made public on upload.
Type: boolean
The size of the uploaded file in bytes.
Type: number
Type: UploadOutput
MIT
FAQs
Push and pull assets to and from S3 the Data Graphics way.
The npm package @datagraphics/delivery receives a total of 154 weekly downloads. As such, @datagraphics/delivery popularity was classified as not popular.
We found that @datagraphics/delivery demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.