@jcrafts/ldscli
The LDS wizard is an SFDX command that automatically creates a functional luvio.raml from an existing api.raml.
For more information on RAML and how Luvio uses it, please refer to the Luvio documentation (https://luvio-docs.herokuapp.com/guide/quick-start#raml-overview).
Invoke the CLI with the following command:
$ ldscli lds:generate ./api.raml
The wizard asks a series of questions to determine certain output features of luvio.raml and generates a luvio.raml file to the same directory as the input api.raml file.
<apiRamlPath> - a positional argument to denote the location of the input api.raml file
--defaults - uses default values for luvio.raml type annotations. This argument sets a luvio.ttl to 15 seconds and omits luvio.opaque and luvio.key properties.
--force - forces overwrite of an existing luvio.raml file without asking for confirmation
This command processes the api.raml file and creates a luvio.raml file in the same directory.
$ ldscli lds:generate ./api.raml
The CLI returns a series of prompts similar to the following:
-----------------------
Define Type Annotations
-----------------------
TodoList
==========
? How often does this data change? (Use arrow keys)
Every second
Every 5 seconds
❯ Every 15 seconds
Every minute
Every 5 minutes
Every 15 minutes
? Should this type be stored as a blob? (luvio will not normalize its properties) (Y/n)
? Select the luvio.key properties
(Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◯ items
To overwrite an existing luvio.raml file without being prompted for confirmation, run the following command:
$ ldscli lds:generate ./api.raml --force
If a luvio.raml file already exists alongside the input api.raml, you can overwrite the file by running this command:
$ ldscli lds:generate ./api.raml
The following prompt appears:
./luvio.raml already exists. Do you wish to overwrite? (Y/n):
An input of Y (or y) confirms the overwrite; any other input cancels and exits the wizard.
To use default values and skip prompts for luvio type annotations, run the following command:
$ ldscli lds:generate ./api.raml --defaults
api.raml file (i.e., user-chosen resources to process)
$ npm install -g @jcrafts/ldscli
$ sfdx COMMAND
running command...
$ sfdx (--version)
@jcrafts/ldscli/0.0.1 darwin-x64 node-v14.20.0
$ sfdx --help [COMMAND]
USAGE
$ sfdx COMMAND
...
sfdx lds:generate [-d] [-f] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
generates luvio.raml from supplied api.raml
USAGE
$ sfdx lds:generate [-d] [-f] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
ARGUMENTS
APIRAMLPATH Location of api.raml used for generating luvio.raml
FLAGS
-d, --defaults Use defaults for type annotations
(TTL=1000)
-f, --force Force overwrite of luvio.raml
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
DESCRIPTION
generates luvio.raml from supplied api.raml
EXAMPLES
$ ldscli lds:generate [apiRamlPath]
See code: src/commands/lds/generate.ts
FAQs
Unknown package
The npm package @jcrafts/ldscli receives a total of 51 weekly downloads. As such, the popularity of @jcrafts/ldscli was classified as not popular.
We found that @jcrafts/ldscli has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.