Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@hypertrace/nodejsagent
Advanced tools
Readme
nodejsagent
provides a set of complementary instrumentation features for collecting relevant data to be processed by Hypertrace.
agent-config
submodule.
git submodule update --init --recursive
./src/instrumentation/config/generated.js
and ./src/instrumentation/config.generated.d.ts
.
npm run generate_pb
npm run build
You can then install the generated .tgz as a normal dependency.
Note: Using npm link doesnt solve the local testing problem as it will use the hypertrace package dev-dependencies during instrumentation instead of the targetted node app
Run the example application
cd ./examples/correlation
config.yaml
if needed.npm install
npm start
Unit tests
cd ./test/externalServices
docker-compose up -d
cd -
npm run test
cd ./test/externalServices
docker-compose down
cd -
Tests should be added to the test
directory, in a structure that matches that of the file you are attempting to test.
Ideally all functionality is testable in locally runnable unit-tests(as opposed to in a docker container), primarily for ease of debugging.
To build the layer & upload it to an AWS account:
./build_layer.sh <REGION>
where region is the region you want the layer to be available inAWS_LAMBDA_EXEC_WRAPPER=/opt/hypertrace-instrument
HT_REPORTING_ENDPOINT
to a valid OTLP collector address. - If using with a collector layer, no need to specify an OTLP address as it will export to localhost:4317FAQs
Hypertrace Node.js Agent
The npm package @hypertrace/nodejsagent receives a total of 122 weekly downloads. As such, @hypertrace/nodejsagent popularity was classified as not popular.
We found that @hypertrace/nodejsagent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.