Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@descope/audit-management-widget
Advanced tools
.env
fileIn the widget package create an .env
file which includes;
DESCOPE_BASE_URL= # env base url, default: "https://app.descope.com"
DESCOPE_PROJECT_ID= # your Descope's project ID
DESCOPE_TENANT= # tenant ID
DEBUG_MODE= # "true" / "false", default: "false"
DESCOPE_THEME= # "light" / "dark" / "os", default: "light"
DESCOPE_WIDGET_ID= # default: "audit-management-widget"
// replace x.x.x with the latest release of the widget: https://www.npmjs.com/package/@descope/audit-management-widget
<script src="https://static.descope.com/npm/@descope/audit-management-widget@x.x.x/dist/index.js"></script>
<descope-audit-management-widget
base-url="<DESCOPE_BASE_URL>"
project-id="<DESCOPE_PROJECT_ID>"
tenant="<DESCOPE_TENANT>"
debug="<DEBUG_MODE>"
theme="<DESCOPE_THEME>"
widget-id="<DESCOPE_WIDGET_ID>"
></descope-audit-management-widget>
/app
- contains index.html
/lib
- widget's source codelib/widget
- widget related implementationslib/widget/api
- Logic related to API callslib/widget/mixins
- Widget specific logiclib/widget/state
- State management logicThe widget is composed of mixins, each mixin contains specific logic parts, and sometime exposes an API that can be used in other mixins.
Mixins can be composed on top of each other, so we can create new mixins by composing several mixins together.
Functions that create mixins, can get a configuration, and returns the mixin functions.
Since mixins are composable, in some cases we want to make sure a mixin is loaded only once. For example: When there is no need for its logic to run multiple times when composed in different mixins.
For this case we have a wrapper function (createSingletonMixin
) to ensure that a mixin is loaded only once, regardless how many times it will be composed.
Mixins should be wrapped with the createSingletonMixin
wrapper function, unless there is a reason for running the mixin's logic multiple times.
We're using several tools to handle the widget's state:
An abstraction layer that provides an API for components, and enables handling interactions with components within the widget.
The motivation to use drivers is to decouple the widget's code from the component's implementation, and therefore it's important to interact with components only using drivers (and not relying on component's implementation details).
Since screen are fetched dynamically, when developing a new screen for the widget you will probably want to use mock templates. To do so, simply replace the call to fetchWidgetPage
with a string which includes your HTML.
FAQs
Descope audit management widget
The npm package @descope/audit-management-widget receives a total of 13,568 weekly downloads. As such, @descope/audit-management-widget popularity was classified as popular.
We found that @descope/audit-management-widget demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.