
bearer-token
Callback with a rfc6750 OAuth 2.0 Bearer Token from an http request object, ready for verification.
npm install bearer-token
```js
var bearerToken = require('bearer-token')
var http = require('http')

var server = http.createServer()

server.listen(8000, function () {
  console.log('server started on 8000')
})

server.on('request', function (req, res) {
  // Extract the bearer token (if any) from the incoming request
  bearerToken(req, function (err, token) {
    // Now you have to verify the token
  })
})
```
Pass in a standard http request object to extract a single bearer token from the request in the callback, if it exists. If no bearer token is found, token will be undefined. The first bearer token that is found is returned. Authentication headers take precedence over tokens found in the body.
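One way to carry out the verification step that the callback leaves to the caller, as an added example (not code from the bearer-token package or its author). The token store, the status codes and the names `tokenFromHeader`, `verifyToken` and `onToken` are assumptions made for this illustration; `tokenFromHeader` stands in for the package's extraction and handles the Authorization header only.

```javascript
const crypto = require('crypto')

// RFC 6750 section 2.1 syntax: Authorization: Bearer <b64token>
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i

// Hypothetical stand-in for the extraction step; undefined when no token.
function tokenFromHeader (value) {
  if (typeof value !== 'string') return undefined
  const m = BEARER_RE.exec(value.trim())
  return m ? m[1] : undefined
}

function digest (token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest()
}

// Constructed sample store: the server keeps only SHA-256 digests of
// issued tokens, never the tokens themselves. Times are arbitrary units.
const issuedTokens = [
  { subject: 'alice', expiresAt: 2000, hash: digest('constructed-sample-token-A') },
  { subject: 'bob', expiresAt: 500, hash: digest('constructed-sample-token-B') }
]

// Returns the subject for a known, unexpired token, otherwise null.
function verifyToken (token, now) {
  if (typeof token !== 'string' || token.length === 0) return null
  const candidate = digest(token)
  let match = null
  for (const record of issuedTokens) {
    // Equal-length digests allow a constant-time comparison.
    if (crypto.timingSafeEqual(candidate, record.hash)) match = record
  }
  if (!match || now >= match.expiresAt) return null
  return match.subject
}

// Same (err, token) shape as the callback on this page. A missing token is
// not an error there, so undefined must be rejected here (assumed 401).
function onToken (err, token, now) {
  if (err) return { status: 400 }
  const subject = verifyToken(token, now)
  return subject ? { status: 200, subject } : { status: 401 }
}
```

Inside the request handler, the body of the `bearerToken` callback would call `onToken(err, token, Date.now())` with expiry times stored in the same unit.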
var bearerToken = require('bearer-token')

bearerToken is a single asynchronous function.

bearerToken(req, callback)

req
Accepts a standard http request object. The request header and body are parsed in search of a bearer token. Tokens found in the request header take precedence over tokens in the body.

callback(error, token)
Function is called with any errors and a token if found. A missing token is not grounds for an error (only parsing or unexpected errors).

error
Error object if anything bad happened.

token
String if a token is found. You still need to verify it.

Contributions welcome! Please read the contributing guidelines first.
| bcomnes | GitHub/bcomnes |
|---|---|
| wpacks | GitHub/wpacks |
FAQs
Returns rfc6750 OAuth Bearer Token from an http request object
The npm package bearer-token receives a total of 27 weekly downloads. As such, bearer-token popularity was classified as not popular.
We found that bearer-token demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.