@datawheel/bespoke-cms-warmup
Based on Canon CMS Warmup https://github.com/Datawheel/canon/tree/master/packages/cms/scripts/warmup
```
Usage: npx @datawheel/bespoke-cms-warmup [command] [args]

Available commands are "scan" and "list".
If the command is not set, the script will execute the "scan" command.

Commands:
    scan    The "scan" command checks the available pages in the available
            profiles, and run the tests on each page.
            It has 2 modes: the "run" mode and the "retry" mode. The presence
            of the --input argument determines which mode the script will run.
            In run mode, the script needs to connect to the database and
            retrieve the items the profiles are built with, then sets the
            additional parameters.
            Required : base, db[-props]
            In retry mode, the script will use the results.json file generated
            by a previous run. All the parameters were saved inside, so passing
            them again is not needed.
            Required : input

    list    The "list" command is a reduced version of the scan command.
            Instead of generating the URLs, loading, and executing tests on
            them, it just generates the URLs and saves them in a file.
            This file can later be used in other tools, like siege.
            Required : base, db[-props]

Arguments:
    -b, --base      The root url to use as template in the generation.
                    These variables will be replaced:
                    - ':profile' for the profile name
                    - ':page' for the page slug
    -d, --debug     Prints some extra variables for debugging purposes.
    -H, --header    Set a header for all requests. Multiple headers are allowed
                    but each must be preceeded by the flag, like in curl.
                    The 'Host' header can't be modified.
    -h, --help      Shows this information.
                    This parameter must be used once for each "key: value" combo.
    -i, --input     The path to the 'results.json' file of the previous run.
    -o, --output    The path to the folder where the reports will be saved.
                    Defaults to './cms_warmup_YYYYMMDDhhmmss'.
    -p, --password  The password in case of needing basic authentication.
        --profile   A comma-separated numbers with report_id: 1,2,3
                    If omitted or empty, all available profiles will be used.
        --variant   A comma-separated numbers with variant_id: 1,2,3
                    If omitted or empty, all available variants of selected profiles will be used.
    -t, --timeout   Time limit to consider a page load failed, in seconds.
    -u, --username  The username in case of needing basic authentication.
        --db-host   The host and port where to connect to the database.
                    Defaults to "localhost:5432".
        --db-name   The name of the database where the info is stored.
        --db-user   The username to connect to the database.
        --db-pass   The password to connect to the database, if needed.
        --db        The full connection URI string to connect to the database.
                    Format is "engine://dbUser:dbPswd@dbHost/dbName".
                    If this variable is set, the previous ones are ignored.
    -w, --workers   The number of concurrent connections to work with. Default: 2
```
```sh
npx @datawheel/bespoke-cms-warmup --base https://next-bespoke.oec.world/en/profile/:profile/:page --db "postgresql://xxxx:xxxxxx@pg-xxxx.oec.world:5432/xxxxx" --profile 1,2,4 --variant 33 --timeout 120 --workers 8 --output ./logs/warm_error.log
```
1- Make sure you are in `/packages/warmup` folder.
```sh
node index.js --base https://next-bespoke.oec.world/en/profile/:profile/:page --db "postgresql://xxxx:xxxxxx@pg-xxxx.oec.world:5432/xxxxx" --profile 1,2,4 --variant 33 --timeout 120 --workers 8 --output ./logs/warm_error.log
```
1- Make sure you are in `/packages/warmup` folder.
2- Modify `package.json` version number.
3- Run `npm publish ./` .
FAQs
Warmup utility for Bespoke CMS pages
We found that @datawheel/bespoke-cms-warmup demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.