Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@loopback/authentication
Advanced tools
A LoopBack 4 component for authentication support. Its corresponding documentation is in LoopBack component authentication
This component contains the core logic for the authentication layer in LoopBack 4.
It contains:
npm install --save @loopback/authentication
Load the AuthenticationComponent into your application.
Extension developers need to:
Application Developers need to:
Create and register a passport based strategy
For detailed documentation, see AuthenticationComponent.
For a tutorial on how to add JWT authentication to an application, see How to secure your LoopBack 4 application with JWT authentication.
For some background on our design decisions, please read Multiple Authentication strategies.
Starting from version @loobpack/authentication@3.0.0
, UserProfile
needs to
be imported from @loopback/security and it's not backward compatible with the
one exported from @loobpack/authentication@2.x
. Make sure you follow the
new tutorial
to build the authentication system.
run npm test
from the root folder.
See all contributors.
MIT
FAQs
A LoopBack component for authentication support.
We found that @loopback/authentication demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.