@streamr/cdn-location
Library for getting own approximate location by querying CDN servers
CDN-location is a small package that provides a way to detect the very rough location of the computer running the code (in the order of the IATA code of the CDN server serving the computer). Location data of this accuracy is useful for example in building location-aware P2P networks where the location data can be used to optimize the network topology.
The location is detected using the IATA code returned in the HTTP response headers of:
The three services are queried in this order, and the first non-empty IATA code returned is used as the approximate location of the user.
CDN-location also provides a mapping from the IATA airport codes in use by Amazon, Fastly and Cloudflare to a numeric region number. The region numbers have been chosen according to a solution to the travelling salesman problem (TSP) of finding the shortest paths between the IATA airports, and by clustering the solution by country to ensure that airports in a single country receive consecutive region numbers. These numeric region numbers can be used to ensure that users from nearby regions are also near each other in the ID space of a P2P network.
npm install @streamr/cdn-location
import { getLocalRegion, getLocalAirportCode } from '@streamr/cdn-location'

(async () => {
    // Returns the region number (ending with '00') of the detected
    // local CDN point of presence.
    // If the local airport code cannot be fetched from
    // the CDN services, returns a random region number ending
    // with '99' that is within the range of the
    // region numbers in the file airportCodeToRegion.ts.
    const regionNumber: number = await getLocalRegion()

    // Returns the IATA code of the local CDN point of
    // presence or undefined if the local airport code
    // cannot be fetched from the CDN services.
    const airportCode: string|undefined = await getLocalAirportCode()
})()
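The ordered lookup and the '99' fallback described above, sketched as an added example that is not the package's own code; it treats the CDN response headers as untrusted input and accepts only a well-formed three-letter code. The header names and formats (`x-amz-cf-pop`, `x-served-by`, `cf-ray`), the query order, the helper names and the three-entry `REGIONS` table are assumptions or constructed values, not taken from the package.

```typescript
// Added example, not the package's code. Header names/formats and the query
// order are assumptions; REGIONS is a constructed stand-in for the data file.
type HeaderMap = Record<string, string | undefined> // keys lower-cased

const REGIONS: Array<[string, number]> = [['HEL', 100], ['ARN', 200], ['AMS', 300]]

const SERVICES: Array<{ name: string, extract: (h: HeaderMap) => string | undefined }> = [
    // Amazon CloudFront, e.g. "x-amz-cf-pop: HEL50-C1": first three characters
    { name: 'amazon', extract: (h) => h['x-amz-cf-pop']?.slice(0, 3) },
    // Fastly, e.g. "x-served-by: cache-hel1410021-HEL": text after the last '-'
    { name: 'fastly', extract: (h) => h['x-served-by']?.split('-').pop() },
    // Cloudflare, e.g. "cf-ray: 8a1b2c3d4e5f6a7b-AMS": text after the last '-'
    { name: 'cloudflare', extract: (h) => h['cf-ray']?.split('-').pop() }
]

// Response headers are untrusted input: accept exactly three uppercase letters.
const IATA_CODE = /^[A-Z]{3}$/

// Try the services in order; return the first well-formed code, else undefined.
function airportCodeFromResponses(responses: Record<string, HeaderMap | undefined>): string | undefined {
    for (const service of SERVICES) {
        const code = service.extract(responses[service.name] ?? {})
        if (code !== undefined && IATA_CODE.test(code)) {
            return code
        }
    }
    return undefined
}

// Known code: its region. Unknown or missing code: a random number ending in
// '99' inside the table's range, as the usage comments describe.
function regionFor(code: string | undefined, rng: () => number = Math.random): number {
    for (const [iata, region] of REGIONS) {
        if (iata === code) {
            return region
        }
    }
    const hundreds = REGIONS.map(([, region]) => region / 100)
    const lo = Math.min(...hundreds)
    const hi = Math.max(...hundreds)
    return (lo + Math.floor(rng() * (hi - lo))) * 100 + 99
}
```

Passing a fixed `rng` makes the fallback deterministic, which is useful when testing code that depends on the region number.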
The following information is meant for advanced users who wish to re-generate the data files used by the package. If you are not interested in re-generating the data files, you can skip this section.
The data file src/airportCodeToRegion.ts contains a mapping between IATA airport codes and numeric region IDs. The region numbers are chosen according to a solution to the travelling salesman problem (TSP) of finding the shortest paths between the IATA airports and clustering the result by country. The file src/airportCodeToRegion.ts is generated using the data and code found in data-generation folder.
The data generation is done in three steps:
You need to run the script prepareForTSPSolver.sh first, then run the TSP solver of your choice to generate a solution to the travelling salesman problem, and finally run the script generateDataFromTSPSolverResult.sh to generate the src/iataToRegion.ts file.
This package does not contain a TSP solver. It is up to the user who wishes to re-generate the data files to choose a TSP solver of their liking. You can find hints on how to solve the TSP problem from https://observablehq.com/@mourner/world-airports-shortest-roundtrip-tsp.
brew install jq
or sudo apt-get install jq
brew install pup
or sudo apt-get install pup
Running the script:
npm run prepare-for-tsp-solver
Description:
This script prepares the data for the TSP solver. It downloads the data of all the airports in the world from OurAirports, and extracts the IATA codes of the Amazon, Fastly and CloudFlare point of presence airports. The script then merges the IATA codes of the Amazon, Fastly and CloudFlare point of presence airports into a single file. The script enhances the data of the airports with coordinates, and continent and country codes. Finally, the script generates a file that contains just the index (starting with 1) and coordinates of the airports in the same order as in the airports file. This file is used as the input to the TSP solver of your choice.
Inputs:
Generated intermediate files:
Outputs:
Description:
This script takes the solution to the TSP problem from tsp-output/shortestpath.csv and combines it with the data of the airports in intermediate-files/airportsWithCoordinates.csv. The script then clusters the solution by country and assigns a numeric region number to each airport. Finally, the script generates a TypeScript file that contains the mapping between IATA airport codes and numeric region numbers. The script also generates a human-readable rendering of the mapping between IATA airport codes and numeric region numbers that can be used for checking the feasibility of the generated mapping.
Running the script:
npm run generate-data-from-tsp-solution
Inputs:
Outputs:
[101.1.2] - 2024-09-04
Operator#voteOnFlag
(https://github.com/streamr-dev/network/pull/2734)
FAQs
We found that @streamr/cdn-location demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.