Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@evervault/sdk
The Evervault Node.js SDK is a toolkit for encrypting data as it enters your server, and working with Functions. By default, initializing the SDK will result in all outbound HTTPS requests being intercepted and decrypted.
Before starting with the Evervault Node.js SDK, you will need to create an account and a team.
For full installation support, book time here.
See the Evervault Node.js SDK documentation.
Our Node.js SDK is distributed via npm, and can be installed using your preferred package manager.
```sh
npm install --save @evervault/sdk
yarn add @evervault/sdk
```
To make Evervault available for use in your app:
```javascript
const Evervault = require('@evervault/sdk');
const axios = require('axios');

// Initialize the client with your team's API key
const evervaultClient = new Evervault('<API-KEY>');

async function main() {
  // Encrypt your sensitive data
  const encrypted = await evervaultClient.encrypt({ ssn: '012-34-5678' });

  // Process the encrypted data in a Function
  const result = await evervaultClient.run('<FUNCTION_NAME>', encrypted);

  // Send the decrypted data to a third-party API
  await evervaultClient.enableOutboundRelay();
  const relayResponse = await axios.post('https://example.com', encrypted);

  // Enable the Cages beta client
  await evervaultClient.enableCagesBeta({ 'my-cage': { pcr8: '...' } });

  // This connection will be attested by the Cages beta client
  const cageResponse = await axios.post(
    'https://my-cage.my-app.cages.evervault.com',
    encrypted
  );
}

main().catch(console.error);
```
The Evervault Node.js SDK exposes four functions.
evervault.encrypt()
evervault.encrypt() encrypts data for use in your Functions. To encrypt data at the server, pass an object or string into the evervault.encrypt() function. Store the encrypted data in your database as normal.
async evervault.encrypt(data: Object | String);
Parameter | Type | Description |
---|---|---|
data | Object or String | Data to be encrypted. |
evervault.run()
evervault.run() invokes a Function with a given payload.
async evervault.run(functionName: String, payload: Object[, options: Object]);
Parameter | Type | Description |
---|---|---|
functionName | String | Name of the Function to be run |
data | Object | Payload for the Function |
options | Object | Options for the Function run |
Options to control how your Function is run
Option | Type | Default | Description |
---|---|---|---|
async | Boolean | false | Run your Function in async mode. Async Function runs will be queued for processing. |
version | Number | undefined | Specify the version of your Function to run. By default, the latest version will be run. |
evervault.createRunToken()
evervault.createRunToken() creates a single-use, time-bound token for invoking a Function.
async evervault.createRunToken(functionName: String, payload: Object);
Parameter | Type | Description |
---|---|---|
functionName | String | Name of the Function the run token should be created for |
data | Object | Payload that the token can be used with |
evervault.enableOutboundRelay()
evervault.enableOutboundRelay() configures your application to proxy HTTP requests using Outbound Relay based on the configuration created in the Evervault dashboard. See Outbound Relay to learn more.
async evervault.enableOutboundRelay([options: Object])
Option | Type | Default | Description |
---|---|---|---|
decryptionDomains | Array | undefined | Requests sent to any of the domains listed will be proxied through Outbound Relay. This will override the configuration created in the Evervault dashboard. |
debugRequests | Boolean | false | Output request domains and whether they were sent through Outbound Relay. |
evervault.enableCagesBeta()
evervault.enableCagesBeta() configures your client to automatically attest any requests to Cages. See the Cage attestation docs to learn more.
async evervault.enableCagesBeta([cageAttestationData: Object])
Key | Type | Default | Description |
---|---|---|---|
<CageName> | Object or Array | undefined | Requests to a Cage specified in this object will include a check to verify that the PCRs provided in the object are included in the attestation document. The provided data can be either a single Object, or an Array of Objects to allow roll-over between different sets of PCRs. |
```javascript
await evervault.enableCagesBeta({
  'hello-cage': {
    pcr8: '97c5395a83c0d6a04d53ff962663c714c178c24500bf97f78456ed3721d922cf3f940614da4bb90107c439bc4a1443ca',
  },
});
```
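The PCR check and roll-over behaviour described above, sketched as an added example that is not the SDK's own implementation. It assumes the attestation document's PCRs have already been parsed into a map of PCR index to hex string; the names `attestationAllowed` and `attestedPcrs` are hypothetical and the sample measurements are constructed.

```javascript
// Added example, not Evervault SDK code.
const crypto = require('crypto');

// Constructed 48-byte (SHA-384 sized) sample measurements.
const OLD_PCR8 = 'aa'.repeat(48);
const NEW_PCR8 = 'bb'.repeat(48);

// Map keys such as 'pcr8' or 'PCR8' to a PCR index; -1 for anything else,
// so a mistyped key can never match an attested value.
function pcrIndex(key) {
  const m = /^pcr(\d+)$/i.exec(key);
  return m ? Number(m[1]) : -1;
}

// Strict hex decoding: Buffer.from(..., 'hex') silently truncates bad input.
function hexToBytes(h) {
  if (typeof h !== 'string' || h.length % 2 !== 0 || !/^[0-9a-f]+$/i.test(h)) {
    return null;
  }
  return Buffer.from(h, 'hex');
}

// Constant-time comparison of two hex-encoded measurements.
function hexEqual(a, b) {
  const x = hexToBytes(a);
  const y = hexToBytes(b);
  return !!x && !!y && x.length === y.length && crypto.timingSafeEqual(x, y);
}

// True when every PCR in one expected set equals the attested value.
function matchesSet(expectedSet, attestedPcrs) {
  const keys = Object.keys(expectedSet || {});
  if (keys.length === 0) return false; // an empty set would match anything: fail closed
  const attested = attestedPcrs || {};
  return keys.every((k) => hexEqual(expectedSet[k], attested[pcrIndex(k)]));
}

// Accepts a single object, or an array of objects for roll-over between
// PCR sets: the request is allowed if any one set matches in full.
function attestationAllowed(expected, attestedPcrs) {
  const sets = Array.isArray(expected) ? expected : [expected];
  return sets.some((set) => matchesSet(set, attestedPcrs));
}
```

During a deploy, passing both the outgoing and incoming PCR sets as an array lets clients accept either image; drop the old set once the roll-out completes.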
Bug reports and pull requests are welcome on GitHub at https://github.com/evervault/evervault-node.
Please see CONTRIBUTING.md for more details.
Questions or feedback? Let us know.
FAQs
Node.js SDK for Evervault
The npm package @evervault/sdk receives a total of 3,564 weekly downloads. As such, @evervault/sdk popularity was classified as popular.
We found that @evervault/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.