
Research
NPM targeted by malware campaign mimicking familiar library names
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
@microsoft/dev-tunnels-ssh
Advanced tools
A Secure Shell (SSH2) client and server protocol implementation for Node.js and browser environments.
The following features are not implemented in typescript implementation yet, and we have plans to implement the same:
The TypeScript implementation supports either Node.js (>= 14.x) or a browser environment. When running on Node.js, it uses the Node.js built-in crypto module. When running in a browser it uses the Web Crypto API, which is supported by all modern browsers. However note that since script on a web page cannot access native TCP sockets, the standard use of SSH over TCP is not possible; some other stream transport like a websocket may be used.
The optional dev-tunnels-ssh-tcp
and dev-tunnels-ssh-keys
depend on the core dev-tunnels-ssh
package.
FAQs
SSH library for Dev Tunnels
The npm package @microsoft/dev-tunnels-ssh receives a total of 37,461 weekly downloads. As such, @microsoft/dev-tunnels-ssh popularity was classified as popular.
We found that @microsoft/dev-tunnels-ssh demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
Research
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.