Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A lightweight library for getting Free SSL certifications through Let's Encrypt, using the ACME protocol.
ACME.js v3 is in private beta and will be available by Nov 1st.
Follow the updates on the campaign page, and contribute to support the project and get beta access now.
| acme-v2.js (npm) | acme-v2-cli.js | greenlock.js | goldilocks.js
A Zero (External) Dependency* library for building Let's Encrypt v2 (ACME draft 18) clients and getting Free SSL certificates.
The primary goal of this library is to make it easy to get Accounts and Certificates through Let's Encrypt.
* The only required dependencies were built by us, specifically for this and related libraries. There are some, truly optional, backwards-compatibility dependencies for node v6.
If you want something that's more "batteries included" give greenlock.js a try.
By the end of June 2019 we expect to have completed the migration to Let's Encrypt v2.1 (ACME draft 18).
Although the draft 18 changes themselves don't requiring breaking the API, we've been keeping backwards compatibility for a long time and the API has become messy.
We're taking this mandatory ACME update as an opportunity to clean up and greatly simplify the code with a fresh new release.
As of v1.7 we started adding transitional support for the next major version, v2.0 of acme-v2.js. We've been really good about backwards compatibility for
Due to the upcoming changes we've removed the old documentation.
Instead we recommend that you take a look at the Digital Ocean DNS-01 Example
That's not exactly the new API, but it's close.
# Production URL
https://acme-v02.api.letsencrypt.org/directory
# Staging URL
https://acme-staging-v02.api.letsencrypt.org/directory
Status: Small, but breaking changes coming in v2
This API is a simple evolution of le-acme-core, but tries to provide a better mapping to the new draft 11 APIs.
var ACME = require('acme-v2').ACME.create({
// used for overriding the default user-agent
userAgent: 'My custom UA String',
getUserAgentString: function(deps) {
return 'My custom UA String';
},
// don't try to validate challenges locally
skipChallengeTest: false,
skipDryRun: false,
// ask if the certificate can be issued up to 10 times before failing
retryPoll: 8,
// ask if the certificate has been validated up to 6 times before cancelling
retryPending: 4,
// Wait 1000ms between retries
retryInterval: 1000,
// Wait 10,000ms after deauthorizing a challenge before retrying
deauthWait: 10 * 1000
});
// Discover Directory URLs
ACME.init(acmeDirectoryUrl); // returns Promise<acmeUrls={keyChange,meta,newAccount,newNonce,newOrder,revokeCert}>
// Accounts
ACME.accounts.create(options); // returns Promise<regr> registration data
options = {
email: '<email>', // valid email (server checks MX records)
accountKeypair: {
// privateKeyPem or privateKeyJwt
privateKeyPem: '<ASCII PEM>'
},
agreeToTerms: function(tosUrl) {} // should Promise the same `tosUrl` back
};
// Registration
ACME.certificates.create(options); // returns Promise<pems={ privkey (key), cert, chain (ca) }>
options = {
domainKeypair: {
privateKeyPem: '<ASCII PEM>'
},
accountKeypair: {
privateKeyPem: '<ASCII PEM>'
},
domains: ['example.com'],
getZones: function(opts) {}, // should Promise an array of domain zone names
setChallenge: function(opts) {}, // should Promise the record id, or name
removeChallenge: function(opts) {} // should Promise null
};
promisify
from node's util or bluebirdoptions.contact
to provide raw contact arrayoptions.email
optionalacme-v2.js | MPL-2.0 | Terms of Use | Privacy Policy
FAQs
Free SSL certificates for Node.js and Browsers. Issued via Let's Encrypt
The npm package acme-v2 receives a total of 2,394 weekly downloads. As such, acme-v2 popularity was classified as popular.
We found that acme-v2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.