Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
await-targz
Advanced tools
await-targz 
await-targz is a module working with Promise and async/await providing operations to pack, unpack, upload and download tarballs. It uses the pkgcloud API which supports interactions with multiple cloud providers.
Installation
npm install await-targz --save
Usage
When using this module, the exported class accepts two arguments.
cdnupThe configurations for setup the cdnup instance. We use cdnup to easily consume the pkgcloud API.logThe logger for log out information and error. Everyone loves logs! diagnostics is set to default if no specific logger object provided.
An example of how to use it could be:
const Tar = require('await-targz');
const tar = new Tar({
cdnup: {
bucket: 'some_mock_bucket',
pkgcloud: {
provider: 'amazon',
endpoint: 'some_end_point',
keyId: 'this_is_a_mock_key_id',
key: 'this_is_a_mock_key',
forcePathBucket: true
}
},
log: your_logger_obj // if no logger provided, it will default to `diagnostics`
});
API
It provides the following API methods.
pack
You can use this method to pack a tarball by providing the source path and target path.
tar.pack('path/to/source/some-component', 'path/to/target/some-component.tar');
unpack
In reverse, this method is to unpack a tarball to a provided directory.
tar.unpack('path/to/tarball/some-component.tar', 'path/to/dir/some-component');
upload
Once when the pkgcloud API is setup correctly, you can upload the tarball to the provided endpoint, e.g. Ceph object center.
tar.upload('some-component-1a2b3c4.tgz', 'path/to/tarball/some-component.tar');
Once when you finish uploading, you can check through the corresponding cloud client UI/console to see if the tarball with name e.g. some-component-1a2b3c4.tgz is there or not.
download
You can download an existing tarball to a given directory using:
tar.download('some-component-1a2b3c4.tgz', { tarball: 'path/to/save/tarball/some-component.tar' });
remove
You can remove an existing tarball from the remote storage by using:
tar.remove('some-component-1a2b3c4.tgz');
exists
You can check if a file/tarball exists or not in remote storage by using:
tar.exists('some-component-1a2b3c4.tgz');
Test
npm test
License
FAQs
Make a thenable wrapper for tar functionalities
The npm package await-targz receives a total of 0 weekly downloads. As such, await-targz popularity was classified as not popular.
We found that await-targz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Jun 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024