Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@interval/server
Advanced tools
Interval Server is the central node used to run applications developed with the Interval SDK.
🚧 Note: Previously Interval Server was only available as a closed-source cloud service. Now, it is possible to run an instance yourself. This is a new direction for the Interval project and the fully open-source/self-hosted Interval Server application is still in early phases of development. If you encounter an issues setting up an Interval Server instance, please let us know by opening an issue!
Interval Server requires a Postgres database to work. In the future, especially for local development, we may ease this requirement.
We have tested Interval Server with Postgres versions 11.x and 12.x. Newer versions should work, but we do not plan to support anything older than 11.x.
Interval Server is a pure Node.js application. Node.js version 16 or higher is required to run Interval Server.
POSTMARK_API_KEY
environment variable is not provided when running Interval server, emails will not be sent.WORKOS_API_KEY
,WORKOS_CLIENT_ID
, and WORKOS_WEBHOOK_SECRET
environment variables are not provided when running Interval Server, these functions will not be available.SLACK_CLIENT_ID
and SLACK_CLIENT_SECRET
environment variables are not provided when running Interval Server, notifications cannot be sent via Slack.S3_KEY_ID
,S3_KEY_SECRET
,S3_BUCKET
, and S3_REGION
environment variables are not provided when running Interval Server, file uploads will not function properly.APP_URL
is the URL where your Interval Server instance is running. For example: http://localhost:3000
or https://example.com
.DATABASE_URL
is the Postgres connection string. It should follow the format postgresql://username:password@host:port/dbname
.SECRET
is a secret that you must provide for use in encrypting passwords. Any string is valid for this value, but you should use something secure!WSS_API_SECRET
is a secret that you must provide. It is used internally by Interval Server for communication between Interval services. Any string is valid for this value, but you should use something secure!AUTH_COOKIE_SECRET
is a secret that you must provide for use in encrypting session cookies. Any string at least 32 characters in length is valid for this value, but you should use something secure!Interval Server runs services on ports 3000
and 3033
. The main service runs on 3000
.
For development, you may wish to run an instance of Interval Server locally.
npm i -g @interval/server
.env
file like this:DATABASE_URL=<YOUR DATABASE URL>
SECRET=<YOUR SECRET VALUE>
APP_URL=<YOUR APP URL>
AUTH_COOKIE_SECRET=<YOUR AUTH COOKIE SECRET>
WSS_API_SECRET=<YOUR WSS API SECRET>
Note: you don't need to use a .env
file. As long as the required variables are set, you should be good to go.
interval-server db-init
to initialize one.interval-server start
to run interval-server
.Running Interval Server in production is largely the same as running in development. For convenience, we've created a Docker image to make this even easier.
The Interval Server Docker image is: docker.io/alexarena/interval-server:latest
.
Many services like Render make it trivial to deploy Docker images with just a few clicks.
Important things to know:
Once your Interval Server instance is up and running, it's trivial to connect to it from your Interval apps. Just add an endpoint
property pointing to your Interval Server instance to the Interval SDK's constructor. For example:
const interval = new Interval({
apiKey: process.env.INTERVAL_KEY,
endpoint: 'wss://<YOUR INTERVAL SERVER URL>/websocket', // Don't forget the /websocket path!
})
Note: if you're running Interval Server locally, this URL will use the insecure ws://
protocol, not the secure wss://
version used in production deployments.
Once you run npm i -g @interval/server
, the following commands are available:
interval-server start
Starts Interval Server. See above for information on running Interval Server locally or in production.
interval-server db-init
Creates and sets up an Postgres database for use with Interval Server.
psql must be installed for this command to work.
You must provide a DATABASE_URL
environment variable of the form postgresql://username:password@host:port/dbname
when running this command.
By default, the db-init
command will attempt to create a database with the name provided in your DATABASE_URL
environment variable. If you've already created the database and just need to apply create the appropriate tables etc., you can run interval-server db-init --skip-create
to skip the database creation step.
For our initial release, we're focused on making it easy to setup and run your own Interval Server instance. We'll make it easier to contribute (and document how you can) in the future, but for now we aren't actively soliciting new contributions.
FAQs
Interval Server is the central server for Interval apps
The npm package @interval/server receives a total of 3,151 weekly downloads. As such, @interval/server popularity was classified as popular.
We found that @interval/server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.