Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
auth0-bundler
Advanced tools
Bundle rules, scripts and hooks to deploy them to Auth0.
This allows you to
require
statements with relative file paths. This way common functionality can be shared between rules.createBundler
const createBundler = require('auth0-bundler');
const bundler = createBundler(options);
nodeVersion
: the node version that should be targeted (used for @babel/preset-env
), the default is 4
Bundles a single script, rule or hook so it can be deployed to Auth0. The rule needs to be written as a commonjs
module that exports a single function. This function takes an additional first parameter compared to being defined in Auth0: The injectedConfig
that can be specified at bundle time. Modules required from the node_modules
folder will not be bundled and will be required in the Auth0 environment as well. Auth0 provides a number of modules inside the Auth0 environment, to check whether a module can be required check webtaskio-canirequire.
Example:
Rule:
// my-rule.js
// Example rule to be deployed to auth0
// This dependency will be automatically bundled into the rule
const doRequest = require('../common/function');
// This dependency will be loaded using require
const R = require('ramda');
module.exports = function myRule(config, user, context, callback) {
return doRequest(`${config.baseUrl}/some/endpoint`, user).then(function (result) {
callback(null, R.merge({ some: 'result' }, result), context);
});
};
Bundle dependencies:
const createBundler = require('auth0-bundler');
const bundler = createBundler();
const config = { baseUrl: 'https://www.example.com' };
bundler
.bundleRule(config, `${__dirname}/my-rule.js`)
.then(console.log);
This is an example on how to use auth0-bundler and the Auth0 Management API client to automatically deploy a rule using auth0-bundler. Like this you can automatically deploy rules e.g. during a CI run.
const ManagementClient = require('auth0').ManagementClient;
const management = new ManagementClient({
token: '{YOUR_API_V2_TOKEN}',
domain: '{YOUR_ACCOUNT}.auth0.com'
});
const createBundler = require('auth0-bundler');
const bundler = createBundler();
const config = { baseUrl: 'https://www.example.com' };
bundler.bundleRule(config, `${__dirname}/my-rule.js`).then((bundledRule) => {
return management.createRule({
enabled: true,
name: 'my-rule',
order: 1,
stage: 'login_success',
script: bundledRule
});
});
This project is licensed under the MIT license. See the LICENSE file for more info.
1.1.2 (August 29, 2018)
FAQs
Bundle rules, scripts and hooks to deploy them to Auth0.
The npm package auth0-bundler receives a total of 30 weekly downloads. As such, auth0-bundler popularity was classified as not popular.
We found that auth0-bundler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.