Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@evervault/sdk
Advanced tools
The Evervault Node.js SDK is a toolkit for encrypting data as it enters your server, and working with Cages. By default, initializing the SDK will result in all outbound HTTPS requests being intercepted and decrypted.
Before starting with the Evervault Node.js SDK, you will need to create an account and a team.
For full installation support, book time here.
See the Evervault Node.js SDK documentation.
Our Node.js SDK is distributed via npm, and can be installed using your preferred package manager.
npm install --save @evervault/sdk
yarn add @evervault/sdk
To make Evervault available for use in your app:
const Evervault = require('@evervault/sdk');
// Initialize the client with your team's api key
const evervaultClient = new Evervault('<API-KEY>');
// Encrypt your sensitive data
const encrypted = await evervaultClient.encrypt({ ssn: '012-34-5678' });
// Process the encrypted data in a Cage
const result = await evervaultClient.run('<CAGE_NAME>', encrypted);
The Evervault Node.js SDK exposes three functions.
evervault.encrypt()
encrypts data for use in your Cages. To encrypt data at the server, simply pass an object or string into the evervault.encrypt() function. Store the encrypted data in your database as normal.
async evervault.encrypt(data: Object | String);
Parameter | Type | Description |
---|---|---|
data | Object or String | Data to be encrypted. |
evervault.run()
invokes a Cage with a given payload.
async evervault.run(cageName: String, payload: Object[, options: Object]);
Parameter | Type | Description |
---|---|---|
cageName | String | Name of the Cage to be run |
data | Object | Payload for the Cage |
options | Object | Options for the Cage run |
Options to control how your Cage is run
Option | Type | Default | Description |
---|---|---|---|
async | Boolean | false | Run your Cage in async mode. Async Cage runs will be queued for processing. |
version | Number | undefined | Specify the version of your Cage to run. By default, the latest version will be run. |
evervault.cagify()
lets you deploy and run ordinary Node.js functions as Cages, inline.
This function will automatically deploy a function as a Cage and return a native async Node.js function that accepts the original parameters, but which invokes a Cage when run.
Note: evervault.cagify()
is a synchronous function and will block your event loop if no cage-lock.json file is present for the Caged functions.
evervault.cagify(cageName: String, cageFunction: Function);
Parameter | Type | Description |
---|---|---|
cageName | String | Name of the Cage to be run |
cageFunction | Function | The function to deploy as a Cage |
You may pass in an array of domains which you don’t want to be intercepted, i.e. requests sent to these domains will not be intercepted, and hence not decrypted. This array is passed in the ignoreDomains
option.
const evervaultClient = new Evervault('<API-KEY>', {
ignoreDomains: ['httpbin.org', 'facebook.com'], // requests to these domains will not be sent thorough Relay
});
To disable all outbound requests being decrypted, you may set the intercept
option to false
when initializing the SDK.
const evervault = new Evervault('<API-KEY>', { intercept: false });
Bug reports and pull requests are welcome on GitHub at https://github.com/evervault/evervault-node.
Please see CONTRIBUTING.md for more details.
Questions or feedback? Let us know.
FAQs
Node.js SDK for Evervault
We found that @evervault/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.