Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@ndelangen/get-tarball
Advanced tools
Download a tarball (optionally gzipped) to a folder & extract it in the process. Uses the wonderful & super quick tar-fs & gunzip-maybe srcraries.
Download a tarball (optionally gzipped) to a folder & extract it in the process. Uses the wonderful & super quick tar-fs & gunzip-maybe srcraries.
This is a Node.js module available through the
npm registry. It can be installed using the
npm
or
yarn
command line tools.
npm install download-tarball --save
/* eslint-disable import/no-extraneous-dependencies */
import download from 'download-tarball';
download({
url: 'http://link-to-tarball/file.tar.gz',
dir: '/dir/where/file/will/be/downloaded'
}).then(() => {
console.log('file is now downloaded!');
}).catch(err => {
console.log('oh crap the file could not be downloaded properly');
console.log(err);
});
download({
url: 'http://link-to-tarball/file.tar.gz',
dir: '/dir/where/file/will/be/downloaded',
// custom options that will be forwarded to got.stream(..., opts) can also be set
gotOpts: {
headers: {
beep: 'boop'
}
}
}).then(() => {
console.log('file is now downloaded!');
}).catch(err => {
console.log('oh crap the file could not be downloaded properly');
console.log(err);
});
download({
// neat, tar files works as well!
url: 'http://link-to-tarball/file.tar',
dir: '/dir/where/file/will/be/downloaded'
}).then(() => {
console.log('file is now downloaded!');
}).catch(err => {
console.log('oh crap the file could not be downloaded properly');
console.log(err);
});
npm install
npm test
MIT
FAQs
Download a tarball (optionally gzipped) to a folder & extract it in the process. Uses the wonderful & super quick tar-fs & gunzip-maybe srcraries.
The npm package @ndelangen/get-tarball receives a total of 1,147,621 weekly downloads. As such, @ndelangen/get-tarball popularity was classified as popular.
We found that @ndelangen/get-tarball demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.