Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
JavaScript (Node.js and browsers) library and cli for aria2, "The next generation download utility."
aria2.js controls aria2 via its JSON-RPC interface and features
npm install aria2
var Aria2 = require("aria2");
or
<script src="node_modules/aria2/bundle.js"></script>
var Aria2 = window.Aria2;
Start aria2c in daemon mode with
aria2c --enable-rpc --rpc-listen-all=true --rpc-allow-origin-all
var aria2 = new Aria2([options]);
default options match aria2c defaults and are
{
host: 'localhost',
port: 6800,
secure: false,
secret: '',
path: '/jsonrpc'
}
secret
is optional and refers to --rpc-secret.
If the WebSocket is open (via the open method) aria2.js will use the WebSocket transport, otherwise the HTTP transport.
For HTTP, aria2.js makes use of the new fetch standard, you might need a polyfill if you want to support older browsers.
aria2.open()
opens the WebSocket connection.
aria2.onopen = function() {
console.log("aria2 open");
};
aria2.open([cb]);
// or
aria2.open().then(fn);
aria2.close()
closes the WebSocket connection.
aria2.onclose = function() {
console.log("aria2 closed!");
};
aria2.close([cb]); // callback style
// or
aria2.close().then(fn); // promise style
aria2.onsend()
is called for every message sent.
aria2.onmessage()
is called for every message received.
aria2.onsend = function(m) {
console.log("aria2 OUT", m);
};
aria2.onmessage = function(m) {
console.log("aria2 IN", m);
};
For a complete listing see aria2 methods.
If you passed the secret option to aria2.js, it will be automatically added to every request so there is no need to include it.
For every aria2 methods you can use
aria2.getVersion([params,] function(err, res) {
console.log(err || res);
});
or
aria2.send('getVersion', [params,] function(err, res) {
console.log(err || res);
});
aria2.getVersion([params]).then(fn);
or
aria2.send("getVersion", [params]).then(fn);
For a complete listing see aria2 notifications.
For every notifications you can bind a function.
aria2.onDownloadStart = function(gid) {
console.log(gid);
};
See example.
npm install
npm test
FAQs
Library and for aria2, "The next generation download utility."
The npm package aria2 receives a total of 249 weekly downloads. As such, aria2 popularity was classified as not popular.
We found that aria2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.