
The code and content synchronization for Sling / AEM (Adobe Experience Manager).
The tool pushes content to AEM instance(s) upon a file change.
With npm do:
    npm install aemsync -g
Simply run aemsync on your project path, make a change to any of your files or directories and watch the magic happen.
CLI
Usage:
    aemsync [OPTIONS]
Options:
    -t <target>           URL to AEM instance; multiple can be set.
                          Default: http://admin:admin@localhost:4502
    -w <path_to_watch>    Watch over folder.
                          Default: '.'
    -p <path_to_push>     Push specific file or folder.
    -e <exclude_filter>   Extended glob filter; multiple can be set.
                          Default:
                            **/jcr_root/*
                            **/@(.git|.svn|.hg|target)
                            **/@(.git|.svn|.hg|target)/**
    -d <delay>            Time to wait since the last change before push.
                          Default: 300 ms
    -q <packmgr_path>     Package manager path.
                          Default: /crx/packmgr/service.jsp
    -c                    Check if AEM is up and running before pushing.
    -v                    Enable verbose mode.
    -h                    Display this screen.
Examples:
    Magic:
    > aemsync
    Custom targets:
    > aemsync -t http://admin:admin@localhost:4502 -t http://admin:admin@localhost:4503 -w ~/workspace/my_project
    Custom exclude rules:
    > aemsync -e **/*.orig -e **/test -e **/test/**
    Just push, don't watch:
    > aemsync -p /foo/bar/my-workspace/jcr_content/apps/my-app/components/my-component
    Push multiple:
    > aemsync -p /foo/bar/my-workspace/jcr_content/apps/my-app/components/my-component -p /foo/bar/my-workspace/jcr_content/apps/my-app/components/my-other-component
JavaScript API
    import { aemsync, push } from 'aemsync'

    // Interactive watch example: yields a result for every push triggered by a change.
    const args = { workingDir: '.' }
    for await (const result of aemsync(args)) {
      console.log(result)
    }

    // Push example: push the listed paths once, without watching.
    const pushArgs = { payload: [
      './foo/bar/my-workspace/jcr_content/apps/my-app/components/my-component',
      './foo/bar/my-workspace/jcr_content/apps/my-app/components/something-else'
    ]}
    const result = (await push(pushArgs).next()).value
    console.log(result)
JavaScript's arguments and defaults for aemsync() and push() functions:
    const args = {
      workingDir: '.',
      exclude: ['**/jcr_root/*', '**/@(.git|.svn|.hg|target)', '**/@(.git|.svn|.hg|target)/**'],
      packmgrPath: '/crx/packmgr/service.jsp',
      targets: ['http://admin:admin@localhost:4501'],
      delay: 300,
      checkIfUp: false
    }
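The default target and the CLI examples carry credentials inside the URL (admin:admin on localhost). The following is an added example, not part of aemsync or its README, that checks a targets list before it is handed to aemsync() or push() and masks passwords for logging; auditTarget, auditTargets and redactTarget are hypothetical helper names and the sample URLs are constructed.

```javascript
// Hypothetical helpers (not part of aemsync): audit target URLs before use.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]'])

// Return the target with its password masked, safe to write to logs.
function redactTarget (target) {
  try {
    const url = new URL(target)
    if (url.password) url.password = '***'
    return url.toString()
  } catch {
    return '<invalid URL>'
  }
}

// Return the findings for one target URL (an empty list means none).
function auditTarget (target) {
  let url
  try {
    url = new URL(target)
  } catch {
    return ['not a valid URL']
  }
  const findings = []
  if (!['http:', 'https:'].includes(url.protocol)) {
    findings.push(`unexpected scheme ${url.protocol}`)
  }
  if (url.username === 'admin' && url.password === 'admin') {
    findings.push('default admin:admin credentials')
  }
  const hasCreds = url.username !== '' || url.password !== ''
  if (url.protocol === 'http:' && hasCreds && !LOOPBACK.has(url.hostname)) {
    findings.push('credentials in URL with plain HTTP to a non-loopback host')
  }
  return findings
}

// Audit a whole targets array; only targets with findings are returned.
function auditTargets (targets) {
  return targets
    .map(t => ({ target: redactTarget(t), findings: auditTarget(t) }))
    .filter(r => r.findings.length > 0)
}

// Constructed sample input: the documented CLI default plus a remote host.
const sampleTargets = [
  'http://admin:admin@localhost:4502',
  'http://deploy:s3cret@aem.example.test:4502'
]
console.log(auditTargets(sampleTargets))
```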
Watching for file changes is fast, since it uses Node's recursive option for fs.watch() where applicable.
Any changes inside jcr_root folders are detected and deployed to AEM instance(s) as a package. By default, there is an exclude filter in place:
- Entries directly under jcr_root are ignored. This is to avoid accidentally removing apps, libs or any other first level node in AEM.
- Paths containing .svn, .git, .hg or target are ignored.

Delay is the time to wait since the last change before the package is created. In case of bulk changes (e.g. switching between code branches), creating a new package per file should be avoided and instead, all changes should be pushed in one go. Lowering the value decreases the delay for a single file change but may increase the delay for multiple file changes. If you are unsure, please leave the default.

The push goes through the package manager service (/crx/packmgr/service.jsp), which takes some time to initialize after AEM startup. If the push happens before that, the Sling Post Servlet will take over, causing the /crx/packmgr/service.jsp/file node to be added to the repository. Use the -c option to perform a status check before sending (all bundles must be active).
5.1.1
FAQs
The npm package aemsync receives a total of 57,310 weekly downloads. As such, aemsync popularity was classified as popular.
We found that aemsync demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.