Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@socketsecurity/config
Advanced tools
Reader/parser/validator tool for Socket.dev's socket.yml
configuration files
npm install @socketsecurity/config
import { readSocketConfig } from '@socketsecurity/config'
const config = await readSocketConfig('socket.yml')
readSocketConfig(<path-to-config-file>)
Returns a Promise
that resolves to the parsed config file or, if no such file was found, it fails silently and returns undefined
.
If the config file can't be read, then the Promise
will be rejected with an error.
The read file is parsed using parseSocketConfig
and the Promise
from there is what is ultimately returned when no rejection or resolve has been made already.
parseSocketConfig(<content-of-config-file>)
Returns a Promise
that resolves to the parsed config.
If the config content can't be parsed or it is invalid, then the Promise
will be rejected with an error.
Any additional parameters that does not conform to the schema will be silently dropped. Also: Input data will be coerced into its intended shape when possible.
socketYmlSchema
A JSON Schema object typed with JSONSchemaType<SocketYml>
from Ajv
SocketValidationError
Error thrown when the parsed data doesn't conform to the JSON Schema definition.
Extends Error
and adds these additional properties:
data
– the data that's found to be invalidschema
– the schema used to validate the contentvalidationErrors
– an array of Ajv's ErrorObject
This module has full type coverage through a types in js where TypeScript validates JSDoc annotated javascript and exports it as standard type definition files.
SocketYml
A TypeScript type representing the shape of the parsed socket.yml
config
@socketsecurity/cli
- our CLI uses this to parse the Socket configFAQs
Config parser for Socket.dev
The npm package @socketsecurity/config receives a total of 1,180 weekly downloads. As such, @socketsecurity/config popularity was classified as popular.
We found that @socketsecurity/config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.