Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@quenty/permissionprovider
Advanced tools
Permission provider for Roblox, including authenticating against group membership
Utility permission provider system for Roblox
npm install @quenty/permissionprovider --save
This permissions system originally supported the following scenarios:
The following features need to be added.
Permissions right now are global per a game. We need configurable, sharable, editable non-global permissions. This will require the following support.
The goal is to use this package as a backend for permissioning such that this package can understand and provide permissions that work out of the default. Permissioning model should act like Discord roles, where tagging is separated out from the actual permissions associated with a role.
This will require a roles package separate from this permission system. This can probably be done in separate packages roles
and role-permissions
which may not be open source available. Then, UI can be done in role-permission-ui
and be generalized and reused. This will also likely not be open source
We may leverage a role-provisioning system to handle permissions. We should build this role system and then assign permissions against the roles at this permission provider layer.
FAQs
Permission provider for Roblox, including authenticating against group membership
We found that @quenty/permissionprovider demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.