Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@hypertrace/nodejsagent
Advanced tools
Readme
nodejsagent
provides a set of complementary instrumentation features for collecting relevant data to be processed by Hypertrace.
Then run: npm run build
, you can then install the generated .tgz as a normal dependency.
Note: Using npm link doesnt solve the local testing problem as it will use the hypertrace package dev-dependencies during instrumentation instead of the targetted node app
You can then run or debug the example application in the examples
directory.
If you want to update the protobuf definitions, first update the agent-config
submodule.
ex: git submodule update --init --recursive
You can then run npm run generate_pb
This will generate two files: ./src/instrumentation/config/generated.js
& ./src/instrumentation/config.generated.d.ts
Tests should be added to the test
directory, in a structure that matches that of the file you are attempting to test.
Ideally all functionality is testable in locally runnable unit-tests(as opposed to in a docker container), primarily for ease of debugging.
You can run all tests with npm run test
To build the layer & upload it to an AWS account:
1.) Run npm install && npm run build
2.) Run ./build_layer.sh <REGION>
where region is the region you want the layer to be available in
3.) Add an environment variable to your lambda: AWS_LAMBDA_EXEC_WRAPPER=/opt/hypertrace-instrument
4.) Configure reporting to a collector, you can set HT_REPORTING_ENDPOINT
to a valid OTLP collector address. - If using with a collector layer, no need to specify an OTLP address as it will export to localhost:4317
FAQs
Hypertrace Node.js Agent
We found that @hypertrace/nodejsagent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.