Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@rocket.chat/apps-engine
Advanced tools
The engine code for the Rocket.Chat Apps which manages, runs, translates, coordinates and all of that.
TAPi18next.addResourceBundle(lang, projectName, translations);
)The Apps-Engine is Rocket.Chat's plugin framework - it provides the APIs for Rocket.Chat Apps to interact with the host system.
Currently, a Rocket.Chat App can:
Some features the Engine allows Apps to use:
When developing new functionalities, you need to integrate the local version of the Apps-Engine with your local version of Rocket.Chat.
First of all, make sure you've installed all required packages and compiled the changes you've made to the Apps-Engine, since that is what Rocket.Chat will execute:
npm install
npm run compile
Now, you need to setup a local Rocket.Chat server, so head to the project's README for instructions on getting started (if you haven't already). Make sure to actually clone the repo, since you will probably need to add some code to it in order to make your new functionality work.
After that, cd
into Rocket.Chat folder and run:
meteor npm install PATH_TO_APPS_ENGINE
Where PATH_TO_APPS_ENGINE
is the path to the Apps-Engine repo you've cloned.
That's it! Now when you start Rocket.Chat with the meteor
command, it will use your local Apps-Engine instead of the one on NPM :)
Whenever you make changes to the engine, run npm run compile
again - meteor will take care of restarting the server due to the changes.
Unable to resolve some modules:
"@rocket.chat/apps-engine/definition/AppStatus" in
/Users/dev/rocket.chat/Rocket.Chat/app/apps/client/admin/helpers.js (web.browser)
If you notice problems related to these missing modules, consider running:
meteor npm install --save @rocket.chat/apps-engine
Simply restart the meteor process and it should be fixed.
meteor npm install PATH_TO_APPS_ENGINE
will cause the following error :-npm ERR! code ENOENT
npm ERR! syscall rename
npm ERR! path PATH_TO_ROCKETCHAT/node_modules/.staging/@rocket.chat/apps-engine-c7135600/node_modules/@babel/code-frame
npm ERR! dest PATH_TO_ROCKETCHAT/node_modules/.staging/@babel/code-frame-f3697825
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, rename 'PATH_TO_ROCKETCHAT/node_modules/.staging/@rocket.chat/apps-engine-c7135600/node_modules/@babel/code-frame' -> 'PATH_TO_ROCKETCHAT/node_modules/.staging/@babel/code-frame-f3697825'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
Here PATH_TO_ROCKETCHAT
is the path to the main rocketchat server repo in your system
To correct this we reinstall the package once again deleting the previous package
~/Rocket.Chat$ rm -rf node_modules/@rocket.chat/apps-engine
~/Rocket.Chat$ cd PATH_TO_APP_ENGINE
~/Rocket.Chat.Apps-engine$ npm install
~/Rocket.Chat.Apps-engine$ cd PATH_TO_ROCKETCHAT
~/Rocket.Chat$ meteor npm install ../Rocket.Chat.Apps-engine
src/server/storage/AppStorage
src/server/storage/AppLogStorage
src/server/bridges/*
Makes great usage of TypeScript and decorators: https://github.com/alsatian-test/alsatian/wiki
npm run unit-tests
npm run check-coverage
npm run view-coverage
Handlers are essentially "listeners" for different events, except there are various ways to handle an event.
When something happens there is pre
and post
handlers.
The set of pre
handlers happens before the event is finalized.
The set of post
handlers happens after the event is finalized.
With that said, the rule of thumb is that if you are going to modify, extend, or change the data backing the event then that should be done in the pre
handlers. If you are simply wanting to listen for when something happens and not modify anything, then the post
is the way to go.
The order in which they happen is:
Here is an explanation of what each of them means:
To update or generate the documentation, please commit your changes first and then in a second commit provide the updated documentation.
We’d love to hear about your experience and potentially feature it on our Blog.
Once a month our marketing team releases an email update with news about product releases, company related topics, events and use cases. Sign Up!
FAQs
The engine code for the Rocket.Chat Apps which manages, runs, translates, coordinates and all of that.
The npm package @rocket.chat/apps-engine receives a total of 3,344 weekly downloads. As such, @rocket.chat/apps-engine popularity was classified as popular.
We found that @rocket.chat/apps-engine demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.