Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
appium-support
Advanced tools
Utility functions used to support libs used across appium packages.
npm install appium-support
Appium, as of version 1.5 is all based on promises, so this module provides promise wrappers for some common operations.
Most notably, we wrap fs
for file system commands. Note the addition of hasAccess
.
Also note that fs.mkdir
doesn't throw an error if the directory already exists, it will just resolve.
system.isWindows
system.isMac
system.isLinux
system.isOSWin64
system.arch
system.macOsxVersion
util.hasContent - returns true if input string has content
util.hasValue - returns true if input value is not undefined and no null
util.escapeSpace
util.escapeSpecialChars
util.localIp
util.cancellableDelay
util.multiResolve - multiple path.resolve
util.unwrapElement - parse an element ID from an element object: e.g.: {ELEMENT: 123, "element-6066-11e4-a52e-4f735466cecf": 123}
returns 123
util.wrapElement - convert an element ID to an element object of the form: e.g.: 123
returns {ELEMENT: 123, "element-6066-11e4-a52e-4f735466cecf": 123}
fs.hasAccess - use this over fs.access
fs.exists - calls fs.hasAccess
fs.rimraf
fs.mkdir - doesn't throw an error if directory already exists
fs.copyFile
fs.open
fs.close
fs.access
fs.readFile
fs.writeFile
fs.write
fs.readlink
fs.chmod
fs.unlink
fs.readdir
fs.stat
fs.rename
fs.md5
plist.parsePlistFile
plist.updatePlistFile
mkdirp
logger
zip.extractAllTo - Extracts contents of a zipfile to a directory
zip.readEntries - Reads entries (files and directories) of a zipfile
zip.toInMemoryZip - Converts a directory into a base64 zipfile
Basic logger defaulting to npmlog with special consideration for running
tests (doesn't output logs when run with _TESTING=1
in the env).
There are a number of levels, exposed as methods on the log object, at which logging can be made. The built-in ones correspond to those of npmlog, and are:
silly
, verbose
, info
, http
, warn
, and error
. In addition there is a debug
level.
The default threshold level is verbose
.
The logged output, by default, will be level prefix message
. So
import { logger } from 'appium-support';
let log = logger.getLogger('mymodule');
log.warn('a warning');`
Will produce
warn mymodule a warning
There are two environment variable flags that affect the way appium-base-driver
logger
works.
_TESTING
_TESTING=1
stops output of logs when set to 1
._FORCE_LOGS
1
, reverses the _TESTING
log.level
log[level](message)
level
import { logger } from 'appium-support';
let log = logger.getLogger('mymodule');
log.info('hi!');
// => info mymodule hi!
log.unwrap()
retrieves the underlying npmlog object, in order to manage how logging is done at a low level (e.g., changing output streams, retrieving an array of messages, adding log levels, etc.).
import { getLogger } from 'appium-base-driver';
let log = getLogger('mymodule');
log.info('hi!');
let npmlogger = log.unwrap();
// any `npmlog` methods
let logs = npmlogger.record;
// logs === [ { id: 0, level: 'info', prefix: 'mymodule', message: 'hi!', messageRaw: [ 'hi!' ] }]
log.errorAndThrow(error)
logs the error passed in, at error
level, and then throws the error. If the error passed in is not an instance of Error (either directly, or a subclass of Error
) it will be wrapped in a generic Error
object.
import { getLogger } from 'appium-base-driver';
let log = getLogger('mymodule');
// previously there would be two lines
log.error('This is an error');
throw new Error('This is an error');
// now is compacted
log.errorAndThrow('This is an error');
FAQs
Support libs used across appium packages
We found that appium-support demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.