Research
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
By Kush Pandya - May 01, 2025
📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP →
@vue-storefront/commercetools
Advanced tools
@vue-storefront/commercetools
Vue Storefront Next x Commercetools Module
How to install
- Open
nuxt.config.js - Inside
buildModules, line before@vue-storefront/nuxtadd:
['@vue-storefront/commercetools/nuxt', {
api: {
uri: 'https://api.commercetools.com/<your-api>/graphql',
authHost: 'https://auth.sphere.io',
projectKey: 'vsf-ct-dev',
clientId: '<id>',
clientSecret: '<secret>',
scopes: [
'create_anonymous_token:vsf-ct-dev',
'manage_my_orders:vsf-ct-dev',
'manage_my_profile:vsf-ct-dev',
'manage_my_shopping_lists:vsf-ct-dev',
'manage_my_payments:vsf-ct-dev',
'view_products:vsf-ct-dev',
'view_published_products:vsf-ct-dev'
]
},
locale: 'en',
currency: 'USD',
country: 'US',
acceptLanguage: ['en', 'de'],
countries: [
{ name: 'US',
label: 'United States' },
{ name: 'AT',
label: 'Austria' },
{ name: 'DE',
label: 'Germany' },
{ name: 'NL',
label: 'Netherlands' }
],
currencies: [
{ name: 'EUR',
label: 'Euro' },
{ name: 'USD',
label: 'Dollar' }
],
locales: [
{ name: 'en',
label: 'English' },
{ name: 'de',
label: 'German' }
]
}]
}]
Generate token middleware
Commercetools nuxt module injects middleware that is responsible for createing/refreshing token if needed - when user refreshes page. In some rare case, you might want to disable this middleware. If so, add disableGenerateTokenMiddleware to the @vue-storefront/commercetools/nuxt's options module in buildModules:
['@vue-storefront/commercetools/nuxt', {
// ...
disableGenerateTokenMiddleware: true
// ...
}]
Example config
export const config = {
api: {
uri: 'https://mysite.com/vsf-ct-dev/graphql',
authHost: 'https://auth.com',
projectKey: 'vsf-ct-dev',
clientId: 'yourClientId',
clientSecret: 'yourClientSecret',
scopes: [
'create_anonymous_token:vsf-ct-dev',
'manage_my_orders:vsf-ct-dev',
'manage_my_profile:vsf-ct-dev',
'manage_my_shopping_lists:vsf-ct-dev',
'manage_my_payments:vsf-ct-dev',
'view_products:vsf-ct-dev',
'view_published_products:vsf-ct-dev'
]
},
locale: 'en',
acceptLanguage: ['en', 'de'],
currency: 'USD',
country: 'US',
store: 'luxury-brand',
countries: [
{ name: 'US',
label: 'United States' },
{ name: 'AT',
label: 'Austria' },
{ name: 'DE',
label: 'Germany' },
{ name: 'NL',
label: 'Netherlands' }
],
currencies: [
{ name: 'EUR',
label: 'Euro' },
{ name: 'USD',
label: 'Dollar' }
],
locales: [
{ name: 'en',
label: 'English' },
{ name: 'de',
label: 'German' }
],
cookies: {
currencyCookieName: 'vsf-currency',
countryCookieName: 'vsf-country',
localeCookieName: 'vsf-locale',
storeCookieName: 'vsf-store'
}
};
FAQs
Unknown package
The npm package @vue-storefront/commercetools receives a total of 61 weekly downloads. As such, @vue-storefront/commercetools popularity was classified as not popular.
We found that @vue-storefront/commercetools demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 18 Jan 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
By Olivia Brown - Apr 30, 2025
Product
A New Overview in our Dashboard
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
By André Staltz - Apr 29, 2025