Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@sanbornagency/nodebb-theme-quest
Advanced tools
#QuestOracleCommunity NodeBB Forum – quest-nodebb-forum
To install the Quest Oracle Community Docker Development Network, please follow the instuctions here.
If you have chosen a production database, PLEASE TURN OFF NOTIFICATION AND DIGEST EMAILS in the NodeBB admin directly following restortion.
NOTE: The forums will not display correctly until one of the following build commands has been run in the quest-website directory:
$ yarn run development
- build for development$ yarn run production
- build for distribution$ yarn run watch
- build files for development whenever changes are detectedShould you choose to restore a database, you may download one in the NodeBB Admin.
This is not necessary if you're working with a clean data environment. However, if you've restored an API database with users, this step is highly recommended.
To retrieve a production database and restore it:
Login to the production site using a user with NodeBB admin permissions https://questoraclecommunity.com/login.
To get to the NodeBB admin, got to https://forum.questoraclecommunity.org, then click on the Go to Admin button on the top right of the page.
In NodeBB admin, select Plugins > SASS from the menu Pic
Select DOWNLOAD BACKUP from https://forum.questoraclecommunity.org/admin/plugins/saas
Unzip the downloaded file nodebb.objects.bson.gz to get nodebb.objects.bson
Use mongorestore
to restore the database locally
mongorestore -u <username> -p <password> -d <database> -c <collection>
mongorestore -d nodebb -c objects
If you have chosen a production database, PLEASE TURN OFF NOTIFICATION AND DIGEST EMAILS in the NodeBB admin directly following restortion.
The following plugins are required for NodeBB. They will be installed when following the Docker Network Installation instructions.
DEV / STAGING: Commits to the staging branch are automatically deployed to the staging server.
PRODUCTION: To update the NodeBB theme on production:
Increment the version number in package.json and set a matching tag on the master branch for the commit.
Manually trigger the Buddy Pipeline: Publish Theme to Private NPM Repository. This does not activate the changes to the theme on the production server. It just publishes the changes to NPM.js and makes them available to the production server.
After the Buddy pipeline finishes, go to the Forum Admin > Plugins > Quest Settings and click the UPDATE THEME button. https://forum.questoraclecommunity.org/admin/plugins/quest-settings
Once the process completes go to Forum Admin > Plugins > Install Plugins, you should see your new version listed by Latest under @sanbornagency/nodebb-theme-quest. Click to update. https://forum.questoraclecommunity.org/admin/extend/plugins
If you make changes to the forum's docker container, the container will reset and you'll be presented with the web install screen again. To avoid going through the setup process again do the following:
Open a shell in the container:
$ docker-compose exec forums bash
Install an editor and open config.json:
$ apt-get update && apt-get install -y vim && vi config.json
- OR -
$ apt-get update && apt-get install -y nano && nano config.json
Copy the contents of quest-nodebb-forum/config.json to docker-container:config.json:
{
"url": "http://forums.quest.local:4567",
"secret": "0ec25a44-7683-484f-8a41-5c562e6ac5d6",
"database": "mongo",
"port": "4567",
"mongo": {
"host": "mongo",
"port": "27017",
"username": "",
"password": "",
"database": "nodebb",
"uri": ""
}
}
Run npm install:
$ npm i passport-http-bearer aws-sdk gm dotenv cookies \
request-promise getstream elasticsearch http-aws-es \
crypto-js json2env universal-analytics nodebb-plugin-email-helper \
mime js-cookie json2csv html-entities dotenv
Start / Restart NodeBB:
$ ./nodebb build && ./nodebb dev
- OR -
(terminal OUTSIDE docker container) $ docker-compose restart forums
NodeBB should be run as part of the whole docker network. To start the docker network run $ docker-compose up -d
in the project directory.
Template file names and directory structure must mirror the templates they're replacing in the Node BB directory, as Node BB's build process will use the theme's templates to overwrite the defaults.
FAQs
Custom NodeBB theme for Quest Oracle Community
The npm package @sanbornagency/nodebb-theme-quest receives a total of 0 weekly downloads. As such, @sanbornagency/nodebb-theme-quest popularity was classified as not popular.
We found that @sanbornagency/nodebb-theme-quest demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.