@getkoala/browser
Advanced tools
To start watching files for changes and run a dev server:

```sh
yarn dev
```

You can now navigate to `127.0.0.1:8080` to test your changes. If you wish to automatically open the html page:

```sh
yarn dev --open
```

We push two versions of the sdk: the standalone version and the umd version. The "standalone" version is what typically ships to browsers via CDN and self-installs. The umd version attaches to the window object as well (in a browser environment) but must be manually initialized:

```js
// if the umd script is loaded from CDN directly in the browser, you can find the module attached to `window.KoalaSDK`:
window.KoalaSDK.load({ project })

// or if you import it when using a bundler:
import * as KoalaSDK from '@getkoala/browser'
KoalaSDK.load({ project })
```

To test the standalone version, you can `yarn dev` and navigate to `http://localhost:8080/standalone.html?project=cardi-b`

- `aws` cli - follow the latest docs on installing the AWS CLI. Once installed, make sure you've configured it via `aws configure`.

The Koala SDK is hosted on S3, and fronted by a Cloudflare Worker that acts as our CDN. To push a new version to S3:

```sh
yarn deploy
```

It will push the latest build into the `koala-sdk/latest` bucket, as well as an immutable bucket associated with the current git sha: e.g. `koala-sdk/e1b323d`

FAQs
## Running locally
We found that @getkoala/browser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.