Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@sumor/app
Advanced tools
轻呈云应用框架
通过 npm 安装:
$ npm install --save @sumor/app
ES6方式
//例如要访问的程序路径为level1.level2.level3
import {level1} from '@sumor/app';
level1.level2.level3('parameter1');
Node.js CommonJS方式
//例如要访问的程序路径为level1.level2.level3
const {level1} = require('@sumor/app');
level1.level2.level3('parameter1');
const {App} = require("@sumor/app");
const app = new App();
app.handle({
_meta:{
program:{
"api.demo":{}// 参照实体定义
}
},
api:{
demo:(parameters,context)=>{
return parameters.p1;
}
}
});
app.serve();
// 然后您就可以通过运行提示访问您的应用了
启动服务后事件,可初始化全局变量等
交互上下文处理事件,可藉由此拓展上下文内容
错误处理,用于拓展错误发生处理额外的操作,如数据库回滚
在开发阶段,如您无法提供有效证书,将会自动生成临时证书。 临时证书是不被浏览器信任的,需要按照以下步骤完成证书启用,以达到调试目的。 请注意,该方案仅使用于本地测试环境,请勿用于正式用途
可跳过该步骤
inspect
或点击键盘F12Security
View certificate
Trust
高级
继续前往XXX(不安全)
构建轻呈云应用
类
path
应用目录FAQs
We found that @sumor/app demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.