Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@website-checks/website-checks
Advanced tools
website-checks
checks websites with multiple services and generates PDF files of the reports.
These are currently:
Add the following lines to your ~/.npmrc
file:
//npm.pkg.github.com/:_authToken=<github-access-token>
@website-checks:registry=https://npm.pkg.github.com
You have to generate an access token for reading packages. To generate a new one go to https://github.com/settings/tokens/new.
Then install the package:
yarn global add @website-checks/website-checks
# or
npm i -g @website-checks/website-checks
Alternatively you can use the following:
yarn global add website-checks/website-checks
# or
npm i -g website-checks/website-checks
Only the current master and LTS releases of NodeJS are tested.
NodeJS >=10.12.0 is recommended.
In docker-compose.yml, modify the TARGET_URL variable to change the website.
Then run:
docker-compose up
Only Docker Engine versions 18.06.0+ are supported since the Docker Compose file version is 3.7.
website-checks example.com
website-checks example.com --output pdf
would save all PDF files to the local pdf
directory.
Currently the following CLI flags will run the matching checks:
--check-your-website
--crtsh
--cryptcheck
--hstspreload
--httpobservatory
--lighthouse
--psi
--securityheaders
--ssllabs
--webbkoll
--webhint
--yellowlab
For example website-checks example.com --lighthouse --securityheaders
will run the Lighthouse and Security Headers checks.
On Windows it may happen that the bundled binary throws the following error:
UnhandledPromiseRejectionWarning: Error: Chromium revision is not downloaded. Run "npm install" or "yarn install" at Launcher.launch
This is a known issue with all solutions like pkg
and nexe
and expected as Chromium is not bundled with the binary which would make it much bigger.
In most cases it should be solved by globally installing puppeteer
or by having Chrome or Chromium installed and in PATH
.
FAQs
checks websites with multiple services
The npm package @website-checks/website-checks receives a total of 1 weekly downloads. As such, @website-checks/website-checks popularity was classified as not popular.
We found that @website-checks/website-checks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.