Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@rexlabs/npm-hook-slack
Advanced tools
Readme
An example slack integration that listens to registry hook events on an npm-hook-receiver and posts about them in a Slack channel.
To run the integration, set the required environment variables then run the index file:
node index.js
All configuration is done with environment variables. These are the vars used:
variable | meaning | required? | default |
---|---|---|---|
SLACK_API_TOKEN | the API token you generated in Slack | y | - |
SLACK_CHANNEL | the ID of the Slack channel to post to (not its name!) | y | - |
SHARED_SECRET | the shared secret set up for the hooks you'll be receiving | y | - |
PORT | the port number to listen on | n | 6666 |
MOUNT_POINT | the path to mount the hook on | n | /incoming |
SERVICE_NAME | used in logging | n | hooks-bot |
INFER_BOT_USER | post as the inferred bot user (bot needs to be in the channel!) | n | - |
ISC
FAQs
listen for npm package hooks and report on them to Slack
The npm package @rexlabs/npm-hook-slack receives a total of 0 weekly downloads. As such, @rexlabs/npm-hook-slack popularity was classified as not popular.
We found that @rexlabs/npm-hook-slack demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 25 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.