auth0-access-token
npm install --save auth0-access-token
Grab your credentials from Auth0. You can find them on your Auth0 application settings page.
```js
import AuthClient from 'auth0-access-token'

// All four options are required; the values come from your Auth0 application settings.
const authClient = new AuthClient({
  audience: 'YOUR_AUDIENCE',
  clientId: 'YOUR_CLIENT_ID',
  clientSecret: 'YOUR_CLIENT_SECRET',
  url: 'YOUR_AUTH0_URL/oauth/token'
})
```
And then you can get your token with authClient.getToken()
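An added example, not part of the package or its README: one way to supply the four constructor options from environment variables instead of source literals, rejecting the README's `YOUR_*` placeholders and any token URL that is not HTTPS. The `AUTH0_*` variable names and the helpers `loadAuthConfig` and `redactForLog` are assumptions made for this example.

```javascript
// Added example: build the AuthClient options from environment variables.
// The AUTH0_* variable names are assumptions, not defined by the package.
const REQUIRED = {
  audience: 'AUTH0_AUDIENCE',
  clientId: 'AUTH0_CLIENT_ID',
  clientSecret: 'AUTH0_CLIENT_SECRET',
  url: 'AUTH0_TOKEN_URL',
}

function loadAuthConfig(env = process.env) {
  const config = {}
  const missing = []
  for (const [key, name] of Object.entries(REQUIRED)) {
    const value = (env[name] || '').trim()
    // Treat the README's YOUR_* placeholders as unset, not as real values.
    if (!value || value.startsWith('YOUR_')) missing.push(name)
    else config[key] = value
  }
  if (missing.length) throw new Error(`missing Auth0 settings: ${missing.join(', ')}`)

  // The client secret is sent to this URL, so require TLS and the token path.
  let parsed
  try { parsed = new URL(config.url) } catch { throw new Error('AUTH0_TOKEN_URL is not a valid URL') }
  if (parsed.protocol !== 'https:') throw new Error('AUTH0_TOKEN_URL must use https')
  if (parsed.pathname !== '/oauth/token') throw new Error('AUTH0_TOKEN_URL must end in /oauth/token')
  return config
}

// Copy of the config that is safe to log: the secret is masked.
function redactForLog(config) {
  return { ...config, clientSecret: '***' }
}

// Constructed sample environment (not real credentials).
const sampleEnv = {
  AUTH0_AUDIENCE: 'https://api.example.test',
  AUTH0_CLIENT_ID: 'constructed-client-id',
  AUTH0_CLIENT_SECRET: 'constructed-secret',
  AUTH0_TOKEN_URL: 'https://tenant.example.test/oauth/token',
}
const config = loadAuthConfig(sampleEnv)
console.log(redactForLog(config))
// Usage with the package: new AuthClient(loadAuthConfig())
```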
Here's an example of how to get a token to use on a subsequent http request:
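```js
import axios from 'axios'

// Fetch a token, then send it as a Bearer credential on the next request.
const fetchSecureData = async () => {
  const token = await authClient.getToken()
  return axios({
    method: 'POST',
    url: '', // URL of the protected API
    headers: { authorization: `Bearer ${token}` },
    data: { /* request payload */ }
  })
}
```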
| Interfaces | Description | Params | Returns |
|---|---|---|---|
| AuthClient | Constructor method, use `new` keyword | `{ audience, clientId, clientSecret, url }` | client instance |
| client.getToken | Fetches token | empty | `Promise<string>` |
After you've made your changes to the package and pushed your branch, run:
npm version [patch|minor|major]
This will automatically bump up the version and push a new tag. If this is not done, the build will fail because npm doesn't allow publishing the same version twice. Make sure to follow semantic versioning.
Lastly, merge your PR and then check the Drone build. If all goes well, it should automatically publish the new version to npm.
Make it easier to test changes locally
FAQs
Tool that fetches access tokens from Auth0
The npm package auth0-access-token receives a total of 0 weekly downloads. As such, its popularity is classified as not popular.
We found that auth0-access-token has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.