Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@quenty/permissionprovider
Advanced tools
Permission provider for Roblox, including authenticating against group membership
Utility permission provider system for Roblox
npm install @quenty/permissionprovider --save
This permissions system originally supported the following scenarios:
The following features need to be added.
Permissions right now are global per a game. We need configurable, sharable, editable non-global permissions. This will require the following support.
The goal is to use this package as a backend for permissioning such that this package can understand and provide permissions that work out of the default. Permissioning model should act like Discord roles, where tagging is separated out from the actual permissions associated with a role.
This will require a roles package separate from this permission system. This can probably be done in separate packages roles
and role-permissions
which may not be open source available. Then, UI can be done in role-permission-ui
and be generalized and reused. This will also likely not be open source
We may leverage a role-provisioning system to handle permissions. We should build this role system and then assign permissions against the roles at this permission provider layer.
FAQs
Permission provider for Roblox, including authenticating against group membership
We found that @quenty/permissionprovider demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.