
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
appcd-client
Advanced tools
The Node.js client for connecting to the Appc Daemon. Internally appcd-client uses a WebSocket for communicating with the server.
Visit https://github.com/appcelerator/appc-daemon for more information.
Report issues to GitHub issues. Official issue tracker in JIRA.
npm i appcd-client
import Client from 'appcd-client';
const client = new Client();
client
.request('/appcd/status')
.on('response', status => {
console.log(status);
client.disconnect();
})
.on('error', err => {
console.error('ERROR!');
console.error(err);
});
To subscribe to a service:
client
.request({
path: '/appcd/status/system/loadavg',
type: 'subscribe'
})
.on('response', status => {
console.log(status);
client.disconnect();
})
.on('error', err => {
console.error('ERROR!');
console.error(err);
});
request()
will automatically call connect()
, however it will error if the daemon is not
running. You can call connect()
prior to making your request and specify the startDaemon
flag:
const client = new Client();
(async () => {
try {
// connect to the daemon and start it if its not running.
await new Promise((resolve, reject) => {
client
.connect({ startDaemon: true })
.on('connected', resolve)
.on('error', reject);
});
await new Promise((resolve, reject) => {
client
.request('/appcd/status')
.on('response', status => {
console.log(status);
client.disconnect();
resolve();
})
.on('error', reject);
});
} catch (err) {
console.error('ERROR!');
console.error(err);
}
})();
This project is open source under the Apache Public License v2 and is developed by
Axway, Inc and the community. Please read the LICENSE
file included
in this distribution for more information.
FAQs
The Node.js client for connecting to the Appc Daemon.
The npm package appcd-client receives a total of 58 weekly downloads. As such, appcd-client popularity was classified as not popular.
We found that appcd-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.