Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@planet/palettes
Advanced tools
The core concept behind Palettes is to provide a mechanism for saving references to specific images.
TL;DR: There's no way to save a reference to a specific image or set of images in Planet Explorer.
Planet Explorer allows its users to save references to searches, like "San Francisco". A search returns a list of image results. When a user orders an image, they can download it. However, there's no way for that user to then view that image in Planet Explorer again. They would have to re-run their search, and find the image in the results.
The Planet Explorer workflow, therefore, seems like a one-way street that runs you off a cliff. We lead you towards finding an image and then downloading it, but if you want to recall that specific image and use it anywhere else in our app ecosystem (for example, to compare it with another image or run analysis on it), you're out of luck. The assumption seems to be that a user doesn't need to recall an image again, because they ostensibly have their own tools they'll use once they've found the data they're interested in.
TL;DR: We should allow users to save a list of images, to empower other tools and applications.
The idea around Palettes is that once we enable users to save references to specific imagery, we open up the door to operating on those images.
A palette could be used:
Palettes is 2 things:
FAQs
Composing palettes of imagery
We found that @planet/palettes demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.