Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@dennisameling/keytar-temp
Advanced tools
A native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault.
npm install keytar
Currently this library uses libsecret
so you may need to install it before running npm install
.
Depending on your distribution, you will need to run the following command:
sudo apt-get install libsecret-1-dev
sudo yum install libsecret-devel
sudo pacman -S libsecret
npm install
npm test
to run the testsEach release of keytar
includes prebuilt binaries for the versions of Node and Electron that are actively supported by these projects. Please refer to the release documentation for Node and Electron to see what is supported currently.
const keytar = require('keytar')
Every function in keytar is asynchronous and returns a promise. The promise will be rejected with any error that occurs or will be resolved with the function's "yields" value.
Get the stored password for the service
and account
.
service
- The string service name.
account
- The string account name.
Yields the string password or null
if an entry for the given service and account was not found.
Save the password
for the service
and account
to the keychain. Adds a new entry if necessary, or updates an existing entry if one exists.
service
- The string service name.
account
- The string account name.
password
- The string password.
Yields nothing.
Delete the stored password for the service
and account
.
service
- The string service name.
account
- The string account name.
Yields true
if a password was deleted, or false
if an entry with the given service and account was not found.
Find all accounts and password for the service
in the keychain.
service
- The string service name.
Yields an array of { account: 'foo', password: 'bar' }
.
Find a password for the service
in the keychain. This is ideal for scenarios where an account
is not required.
service
- The string service name.
Yields the string password, or null
if an entry for the given service was not found.
FAQs
Bindings to native Mac/Linux/Windows password APIs
The npm package @dennisameling/keytar-temp receives a total of 1 weekly downloads. As such, @dennisameling/keytar-temp popularity was classified as not popular.
We found that @dennisameling/keytar-temp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.