Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rushstack/rush-http-build-cache-plugin
Advanced tools
Rush plugin for generic HTTP cloud build cache
A Rush plugin that uses HTTP/HTTPS to manage cache objects.
Authentication is provided via standard Authorization
HTTP headers, with the value (a Bearer or Basic token) configured using a custom node script. Your "tokenHandler" node script is automatically called when the user updates their cloud credentials.
To use the HTTP build cache plugin, enable it in common/config/rush/build-cache.json
:
{
"buildCacheEnabled": true,
"cacheProvider": "http"
}
Then customize the httpConfiguration
block. For typical use cases, where you'll use a remote HTTP URL with authentication, you'll need to provide at least the url
and tokenHandler
options:
{
"httpConfiguration": {
"url": "https://build-cache.example.com",
"tokenHandler": {
"exec": "node",
"args": ["common/scripts/custom-script-that-returns-an-authentication-header.js"]
},
"isCacheWriteAllowed": false
}
}
(For more detail on the above properties and additional optional properties, consult the default build-cache.json
file.)
The HTTP build cache plugin offloads authorization to an external executable script that you define. A typical use case would be to create a simple script, for example common/scripts/cache-auth.js
, that prints an Authorization header value when executed.
For example:
node common/scripts/cache-auth.js
# => Bearer 0284357923592790DDb979dBcd2zz
How the script generates authorization values is up to you, and depends on the configuration of your remote cache server.
Possible implementations:
CACHE_USER
and CACHE_TOKEN
) defined by the developerThe HTTP build cache plugin can use almost any HTTP/HTTPS backend for remote caching, as long as it honors the following rules:
Authorization: Bearer xxx
or Authorization: Basic xxx
headers for authentication.form/multipart
MIME types).The Gradle Build Cache Server (typically used to support Gradle Remote Build Cache) meets all of the requirements above, so if you don't have another server in mind, you can use it as your remote backend.
First, start up and configure your build cache node locally:
java -jar build-cache-node-14.0.jar start
Second, configure your build-cache.json
file as described in the Configuration section:
url
must end with /cache/
, for example, http://localhost:5071/cache/
.isCacheWriteAllowed: true
.tokenHandler
to point to a script that prints a Basic or Bearer Authorization value (this can be a dummy string if you granted Read and Write to Anonymous in your build cache node configuration).Note that the Gradle Build Cache Server has a stricter format for its cache keys (they should be a simple hexadecimal hash with no non-alphanumeric characters). Configure this setting in your build-cache.json
file:
{
"cacheEntryNamePattern": "[hash]"
}
Last, initialize your cache credentials using Rush:
rush update-cloud-credentials --interactive
To test out your remote build cache with full debugging output (for spotting any errors reading or writing the cache), run with the --debug
flag:
rush --debug build --verbose
If you go on to deploy Rush remote build caching to your developers using the Gradle Build Cache, update your
tokenHandler
script to reflect your use case -- for example, you could require each developer to have a designated username/token configured via environment variables, and configure Cache Access Control with the corresponding entries. In this case thetokenHandler
script should read the environment variables and print out an Authorization header, for example:
// common/scripts/build-cache-auth.js const credentials = `${process.env.CACHE_USER}:${process.env.CACHE_TOKEN}`; console.log('Basic ' + Buffer.from(credentials).toString('base64'));
FAQs
Rush plugin for generic HTTP cloud build cache
The npm package @rushstack/rush-http-build-cache-plugin receives a total of 217,750 weekly downloads. As such, @rushstack/rush-http-build-cache-plugin popularity was classified as popular.
We found that @rushstack/rush-http-build-cache-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.