Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@rocket.chat/apps-cli
Advanced tools
The Rocket.Chat Apps CLI for interacting with Apps.
Extremely simple.
npm install -g @rocket.chat/apps-cli
Due to limitations of NodeJS's vm
package we have had to implement a custom logger class.
To make usage of this you can use this.getLogger()
and then do the normal console
style logging.
rc-apps create
The development tools provide a command to quickly scaffold a new Rocket.Chat App, simply run rc-apps create
and a new folder will be created inside the current working directory with a basic App which does nothing but will compile and be packaged in the dist
folder.
The app description file, named app.json
, contains basic information about the app. You can check the app-schema.json file for all the detailed information and fields allowed in the app description file, the basic structure is similar to this:
{
"id": "5cb9a329-0613-4d39-b20f-cc2cc9175df5",
"name": "App Name",
"nameSlug": "app-name",
"version": "0.0.1",
"requiredApiVersion": "^1.4.0",
"description": "App which provides something very useful for Rocket.Chat users.",
"author": {
"name": "Author Name <author@email.com>",
"support": "Support Url or Email"
},
"classFile": "main.ts",
"iconFile": "beautiful-app-icon.jpg"
}
The basic creation of an App is based on extending the App
class from the Rocket.Chat Apps definition library. Your class also has to implement the constructor and optionally the initialize
function, for more details on those check the App definition documentation.
import {
IAppAccessors,
IConfigurationExtend,
IEnvironmentRead,
ILogger,
} from '@rocket.chat/apps-engine/definition/accessors';
import { App } from '@rocket.chat/apps-engine/definition/App';
import { IAppInfo } from '@rocket.chat/apps-engine/definition/metadata';
export class TodoListApp extends App {
constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) {
super(info, logger, accessors);
}
public async initialize(configurationExtend: IConfigurationExtend, environmentRead: IEnvironmentRead): Promise<void> {
await this.extendConfiguration(configurationExtend, environmentRead);
this.getLogger().log('Hello world from my app');
}
}
Currently the Rocket.Chat servers and Marketplace allow submission of zip files, these files can be created by running rc-apps package
which packages your app and creates the zip file under dist
folder.
For uploading the app you need add to the required parameters in the .rcappsconfig already created in the apps directory. It accepts two types of objects:-
{
url: string;
username: string;
password: string;
}
{
url: string;
userId: string;
token: string;
}
To enable autocomplete for the apps cli use the command rc-apps autocomplete <your-shell-type>
with the shell type as zsh or bash as the supported types. This would provide a step by step instruction to enable shell completion in your preferred shell.
FAQs
The CLI tool for helping with Rocket.Chat Apps.
The npm package @rocket.chat/apps-cli receives a total of 139 weekly downloads. As such, @rocket.chat/apps-cli popularity was classified as not popular.
We found that @rocket.chat/apps-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.