Amazon Web Services node.js module. Originally a fork of aws-lib.
Either clone this repository manually into your node_modules directory and run npm install
in the aws2js top-level directory, or use the recommended method:
npm install aws2js
npm itself is a direct dependency of this library: it is invoked programmatically at install time to install the XML and MIME parsing dependencies selected by the flags described below. Consequently the dependency set is decided at install time rather than fixed in package.json, so when you need a reproducible or auditable install, check what actually ended up in node_modules (for example with npm ls).
By default, the module installs as dependencies the libxml-to-js and the mime-magic libraries. Under Windows, it installs by default with xml2js and mime-magic.
In other words, under Windows the default installation is equivalent to:
npm install aws2js --xml2js true
If you want to install the library without binary dependencies, you can issue this npm command:
npm install aws2js --xml2js true --mime true
This installs the library with xml2js and mime as dependencies. Note that the mime library determines the MIME type purely from the file extension, i.e. from the name rather than the contents, whereas mime-magic does it the proper way by wrapping libmagic and inspecting the file itself. You have been warned.
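The practical difference between the two MIME back-ends, shown as an added illustration that is neither aws2js code nor the real mime or mime-magic packages: a toy extension table stands in for extension lookup, a toy magic-number table stands in for libmagic-style content sniffing, and the sample buffers are constructed inline. With extension lookup, whoever names the file chooses the type, so a file called upload.png that actually holds HTML is reported as image/png; the content check is not fooled.

```javascript
// Added illustration, not aws2js code and not the real mime / mime-magic packages.
// It contrasts the two MIME-detection strategies the README mentions:
//   - extension lookup (what the `mime` package does): trusts the file NAME
//   - content sniffing (what `mime-magic`/libmagic does): inspects the file BYTES
// Both tables below are deliberately tiny stand-ins for the real ones.

const EXTENSION_TABLE = {
  png: 'image/png',
  jpg: 'image/jpeg',
  jpeg: 'image/jpeg',
  gif: 'image/gif',
  pdf: 'application/pdf',
  txt: 'text/plain',
};

// Well-known file signatures ("magic numbers") found at offset 0.
const MAGIC = [
  { type: 'image/png',       bytes: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]) },
  { type: 'image/jpeg',      bytes: Buffer.from([0xff, 0xd8, 0xff]) },
  { type: 'image/gif',       bytes: Buffer.from('GIF8', 'ascii') },
  { type: 'application/pdf', bytes: Buffer.from('%PDF-', 'ascii') },
];

const FALLBACK = 'application/octet-stream';

// Strategy 1: extension lookup. Only the name is consulted; the bytes are never read.
function typeByExtension(filename) {
  const m = /\.([^./\\]+)$/.exec(filename);
  if (!m) return FALLBACK;
  return EXTENSION_TABLE[m[1].toLowerCase()] || FALLBACK;
}

// Strategy 2: content sniffing. Only the leading bytes are consulted; the name is ignored.
function typeByMagic(buf) {
  for (const { type, bytes } of MAGIC) {
    if (buf.length >= bytes.length && buf.subarray(0, bytes.length).equals(bytes)) {
      return type;
    }
  }
  // No signature matched: call it text if every byte is printable ASCII or whitespace.
  const printable = buf.every(
    (b) => (b >= 0x20 && b <= 0x7e) || b === 0x09 || b === 0x0a || b === 0x0d
  );
  return buf.length > 0 && printable ? 'text/plain' : FALLBACK;
}

// Run both strategies and flag the case the README warns about: a name that
// claims one type while the contents say otherwise.
function classify(filename, buf) {
  const byExtension = typeByExtension(filename);
  const byContent = typeByMagic(buf);
  return { filename, byExtension, byContent, mismatch: byExtension !== byContent };
}

// Constructed samples (not real uploads): a genuine PNG signature padded with zeros,
// and an HTML payload saved under a .png name.
const REAL_PNG = Buffer.concat([MAGIC[0].bytes, Buffer.alloc(16)]);
const HTML_AS_PNG = Buffer.from('<script>alert(document.domain)</script>', 'utf8');

for (const sample of [classify('upload.png', REAL_PNG), classify('upload.png', HTML_AS_PNG)]) {
  console.log(JSON.stringify(sample));
}
```

Run it with node: the first line reports image/png from both strategies, the second reports image/png by extension but text/plain by content, with mismatch set. A client that only ever has the filename (the mime case) has no way to notice the second situation.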
The '--xml2js true' and '--mime true' options are boolean flags, so you may use them in any combination, where applicable.
To use these flags when this package is referenced from a package.json file, the recommended approaches are:
The above methods are equivalent. You need to pick just one.
For the moment, this project is largely a one-man show, so bear with me if things don't move as fast as they should. There is a handful of aws2js contributors as well; the community makes things better for everyone.
If you'd like to contribute a line of code (or more), please send a pull request against the future branch, which makes things easier on my side. Feature branches are also acceptable, as are commits in your master branch. I don't rely on GitHub's merge functionality: I always pull from remotes and issue the merge command manually.
I ask you to patch against the future branch because that is where all development happens, so merging your code there should produce the fewest conflicts. I use master only for integrating releases; it always contains the latest stable release.
FAQs
AWS (Amazon Web Services) APIs client implementation for node.js
The npm package aws2js receives a total of 187 weekly downloads; on that basis its popularity is classified as not popular.
We found that aws2js has an unhealthy release cadence and level of project activity, because its last version was released a year ago. It has 1 open-source maintainer collaborating on the project.