
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
astro-cache-embed
Advanced tools
I wrote a [dev.to](https://dev.to) article downloader a while back, [reggi/fetch-dev-to-articles](https://github.com/reggi/fetch-dev-to-articles), the goal being to start to host my own content on my own server. I've since made the switch for my personal
astro-cache-embed
I wrote a dev.to article downloader a while back, reggi/fetch-dev-to-articles, the goal being to start to host my own content on my own server. I've since made the switch for my personal site to use Astro and go fully static. I'm really happy making the switch. Since I was thinking about importing my articles over was was faced with an issue dev.to uses liquid embeds for things like tweets, youtube, and gists, so I was thinking of coming up with a "drop-in" replacement for this kind of syntax:
{% embed https://twitter.com/thomasreggi/status/1704311117273550892 %}
Something using mdx
like :
<Embed href="https://twitter.com/thomasreggi/status/1704311117273550892" />
So I sought out to create somekind of embed for youtube
, twitter
, mastodon
, audio
, video
, images
, webpage social card
, and gist
, and what I came up with was / is much more then a simple "embed".
Whether you're importing a blog from a site or you're caching an embed the same issue arrises, the content isn't localized. The content is coming from other servers, and therefore it's prone to link-rot. Astro like many other blogging projects, is designed to be a static-site generator, when it comes to implmenting an embed you have two options:
I chose the latter to have the build process fetch embed data and build the site with it.
But there's a catch if you're building the site, what happens if you build in a month from now? You have to re-fetch all those dependencies again, and what if those services go down? In a world where sites like twitter have shut down their API's and getting tweet data is harder than ever it would be nice to know that my old embeds wont look like garbage one day, or worse, simply disapear. So I wanted to cache the embed data, I took this another step futher for media (images, audio, video) as well, I want to be able to build the site without a single fetch request, and have zero external dependencies.
I started out using astros built in content entity as a store, but quicky ran into issues. I wanted something light weight to cache fetch requests based on the url, and chose to go with file-based sqlite db, because it will always be localized in the project folder.
FAQs
I wrote a [dev.to](https://dev.to) article downloader a while back, [reggi/fetch-dev-to-articles](https://github.com/reggi/fetch-dev-to-articles), the goal being to start to host my own content on my own server. I've since made the switch for my personal
The npm package astro-cache-embed receives a total of 0 weekly downloads. As such, astro-cache-embed popularity was classified as not popular.
We found that astro-cache-embed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.