Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@everymundo/fake-config-server
Simulates the config server for local development
npm install @everymundo/fake-config-server
Create a directory in your project's root folder to store your custom routes
mkdir -p resources/fake-routes
Add your .json files to that folder. The name of the file (excluding the .json) will be the path for the route. Example: you have a file named my-configs.json, so when you list the directory's content you can see that file
ls resources/fake-routes
my-configs.json
Add the following scripts to your project's package.json file.
"scripts": {
  "fake-config-server-start": "npm run fake-config-server-stop > /dev/null 2>&1; sleep 1; fake-config-server >> logs/fake-config-server.log 2>&1 & echo PID=$!",
  "fake-config-server-stop": "killall -9 fakeConfigServer"
},
Don't forget to create the logs directory in your project's root folder, if you don't already have one.
mkdir logs
After configuring your npm scripts you can just start the server with the command
npm run fake-config-server-start
To stop the server you can run
npm run fake-config-server-stop
By default the service listens on all interfaces by binding to 0.0.0.0, so it is reachable from other hosts on the network and not only from localhost. The default port is 54321. If you set the ENV VAR CONFIG_SERVER_PORT to a different number, that will be the new port.
So, assuming you are using the default port number, if you go to http://0.0.0.0:54321/ you should see the default route that comes as an example.
Notice that the request will be redirected to http://0.0.0.0:54321/airfare-cadmus-service-v1
In order to use your my-configs.json file you must access http://0.0.0.0:54321/airfare-cadmus-service-v1/my-configs
If you access a non-existent route, it will show you a 404 JSON error with the available routes.
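The file-name-to-route mapping and the 404 listing described above, as an added example that is not the package's own code. The route prefix comes from the URLs on this page; the shape of the 404 body, the function names and the sample file contents are assumptions made for illustration.

```javascript
// Added illustration, not the package's source: resolves request paths to
// JSON files the way the README describes, for local experimentation.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Prefix taken from the URLs in the README; the 404 body shape is an assumption.
const PREFIX = '/airfare-cadmus-service-v1';

// Route names are the .json file names without the extension.
function listRoutes(dir) {
  return fs.readdirSync(dir)
    .filter((f) => f.endsWith('.json'))
    .map((f) => path.basename(f, '.json'))
    .sort();
}

// Returns { status, body } for a request path (hypothetical helper).
function resolveRoute(dir, urlPath) {
  const routes = listRoutes(dir);
  const name = urlPath.startsWith(PREFIX + '/')
    ? urlPath.slice(PREFIX.length + 1)
    : null;
  // Only names that came from the directory listing are served, so input
  // such as "../notes" can never select a file outside the routes folder.
  if (name === null || !routes.includes(name)) {
    return { status: 404, body: { error: 'Not Found', availableRoutes: routes } };
  }
  const file = path.join(dir, name + '.json');
  return { status: 200, body: JSON.parse(fs.readFileSync(file, 'utf8')) };
}

// Constructed sample: a temporary routes folder holding my-configs.json.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fake-routes-'));
  fs.writeFileSync(path.join(dir, 'my-configs.json'), JSON.stringify({ featureX: true }));
  fs.writeFileSync(path.join(dir, 'notes.txt'), 'ignored: not a .json file');
  const results = {
    hit: resolveRoute(dir, PREFIX + '/my-configs'),
    miss: resolveRoute(dir, PREFIX + '/nope'),
    traversal: resolveRoute(dir, PREFIX + '/../notes'),
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return results;
}
```

To serve this over HTTP, call resolveRoute from an http.createServer handler and pass '127.0.0.1' as the host to listen() so the JSON files stay on the loopback interface.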
FAQs
The npm package @everymundo/fake-config-server receives a total of 0 weekly downloads. As such, @everymundo/fake-config-server popularity was classified as not popular.
We found that @everymundo/fake-config-server demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 33 open source maintainers collaborating on the project.