Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
autocosts
Advanced tools
This calculator allows users to find the true cost of owning a car. It will normally give them a good estimate of what they really need to spend on car ownership. As car payments and expenses come due throughout the year, it's often difficult to really get a good understanding of total spending on a car. By default, these values are calculated on a monthly basis.
This calculator is and shall be completely anonymous, as it doesn't request nor permanently store, any name, email, cookies, IP address nor any other personal information.
https://autocosts.info
Playground: https://autocosts.info/XX
The translations are in corresponding json
files, namely in the folder src/countries/
.
The list of available countries is from the file src/countries/list.json
https://autocosts.info/domains
Clone it, install it, build it and run it
git clone https://github.com/jfoclpf/autocosts.git
cd autocosts/ && npm install
node bin/index.js
This will run a node
server application with the calculator. For more information on builidng run ./build.sh -h
. For more information on the application run node bin/index.js -h
.
Autocosts uses nodejs
, expressjs
and handlebars
to supply a server application that renders a car costs calculator as a webpage loaded by any common browser.
The project is optimized for a web-based version, and for an APP developped in Apache Cordova. The XX
stands for the 2-letter ISO country code, and not for the language, since for example United Kingdom and Australia have the same language but different realities concerning the taxes, the terms applied to automobile costs and the units for fuel efficiency. The translations/language files apply therefore only to the selected country. Additional countries are very welcomed.
The project already considers all the units and fuel efficiency cases, different in many countries. The variations for fuel efficiency are l/100km
, km/l
, mpg(US)
, mpg(imp)
and for distance are km
, miles
and mil
(Nordic mile=10km). More information can be found in the directory src/countries/
.
For more information regarding how the costs are calculated, you can check the src/client/core/coreFunctions.js
which is based on the 12 items that form the car costs for any given country. Namely they are:
Autocosts supports the following additional services, which can be enabled or disabled,
using the node bin/index.js
command line options:
Usage: node index.js [options]
Ex: node index.js -r prod --uber --dataBase
Options:
-r, --release 'work' for tests or 'prod' for production
-p, --port HTTP port on which the application is listening (default:3027 for tests, and 3028 for production)
--https Enables protocol https when available
--print Enables the standard printing of final report
--pdf Enables the downloading of a pdf final report (using pdfmake)
--social Enables social media plugin (js-socials)
--googleCharts Enables Google Charts on report
External API services, disabled by default
API credentials must be in either credentials/work/ or credentials/prod/ according to release
--cdn Enables Content Delivery Network
--uber Enables UBER API
--googleCaptcha Enables Google Captcha V2 anti-bot for calculation button
--googleAnalytics Enables Google Analytics
--dataBase Enables a mysql Database
-A --all Enables all the previous services
Autocosts also supports code such that the user inputs might be stored into a mysql
database.
The credentials file for said databse should be stored in directory credentials/prod/
or credentials/work/
,
the latter being the test version.
This file dataBase.json
should look like:
{
"host" : "*****",
"user" : "*****",
"password" : "*****",
"database" : "*****",
"port" : "***** (optional)",
"db_tables" : {
"country_specs" : "country_specs" ,
"users_insertions" : "users_insertions",
"monthly_costs_statistics" : "monthly_costs_statistics"
}
}
With the data from said database, it is also possible to make several statisitcal analysis, namely the average costs for each country, said statistical analysis having outlier removal techniques, such that such outliers do not distort the average.
Autocosts uses the UBER API, such that at the final repport, the user calculations can be compared with the equivalents costs if the user would use just UBER.
The uber secret token file uber.json
should be stored in credentials/prods/
or credentials/work/
,
the latter being the test version. This file uber.json
should be like:
{
"token": "********************************************"
}
Autocosts uses Google Charts to render the final charts, with several analysys. We plan to move to <a href=http://www.chartjs.org/>chartjs.org as it is free, open source and can be used offline.
You can add your Google Analytics credentials.
The file googleAnalytics.json
should be stored in credentials/prods/
or credentials/work/
,
the latter being the test version. This file googleAnalytics.json
should be like:
{
"trackingId": "UA-*******-*"
}
Autocosts support the Google Captcha v2 API to avoid spam bots from poluting the database.
The captcha secret key file googleCaptcha.json
should be stored in credentials/prods/
or credentials/work/
,
the latter being the test version.
This file googleCaptcha.json
should be like:
{
"secretKey" : "*************************************"
}
Autocosts also allow the final report to be printed into a PDF report. It makes use of pdfmake
npm package.
The Android APP can be found in Play Store. It uses Apache Cordova to convert JavaScript built code into APP built files (for example APK files in Android)
GNU GPLv3
http://www.gnu.org/licenses/gpl-3.0.en.html
http://choosealicense.com/licenses/gpl-3.0/
FAQs
Automobile Costs Calculator
We found that autocosts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.