benchd
benchd is a tool for benchmarking JavaScript code across different node.js/io.js versions from the browser.
Backend: node.js -- v0.10.0 or newer
Frontend: Any modern browser with WebSocket support
npm install -g benchd
Configuration is achieved by a JSON formatted config file. If the BENCHD_CONF environment variable is set and points to a valid file, that will be used. Otherwise the server will look in the current working directory for benchd.conf. If that also fails, then defaults will be used. Any command-line arguments of the same names will override any other config source.
Available config options:
address - string - This is the address the server listens on. Default: 0.0.0.0
jobAbandonTimeout - integer - This is the amount of time in milliseconds to allow a job's owner to be disconnected before removing (and stopping, if currently executing) the job. Default: 30 * 1000
maxConcurrency - integer - This is the maximum number of target processes that are allowed to run at any given time. Set to -1 as an alias for the number of available CPUs. Default: 1
maxJobSize - integer - This is the maximum size (in bytes) for a job (the JSON stringified version, including all benchmarks). Default: 512 * 1024
maxQueued - integer - This is the maximum number of queued jobs. Default: 1000
port - integer - This is the port the server listens on. Default: 80
targetsPath - string - This is the directory containing the target executables to make available for benchmarking against. Default: (current working directory)
timeout - integer - This is the target process timeout in milliseconds. Default: 5 * 60 * 1000
vanilla - boolean - Restrict benchmark code to a "pure"/vanilla JavaScript environment (e.g. no require(), process, etc.). If you disable this and are making the server public, PLEASE start the server in an appropriately protected environment. Default: true
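The precedence rules and the vanilla warning above can be checked before the server is started. The following is an added example, not code from benchd: resolveConfig, auditConfig, the severity labels and the loopback list are hypothetical names and assumptions, and only the option names and defaults come from the list above.

```javascript
// Added example, not benchd's own code. Defaults are copied from the option list above.
const DEFAULTS = {
  address: '0.0.0.0', jobAbandonTimeout: 30 * 1000, maxConcurrency: 1,
  maxJobSize: 512 * 1024, maxQueued: 1000, port: 80,
  targetsPath: process.cwd(), timeout: 5 * 60 * 1000, vanilla: true,
};

// Merge in the documented order: defaults, then the config file, then CLI arguments.
// fileConfig stands for the parsed BENCHD_CONF file, or ./benchd.conf, or {} if neither loads.
function resolveConfig(fileConfig, cliArgs) {
  const cfg = { ...DEFAULTS };
  for (const src of [fileConfig || {}, cliArgs || {}]) {
    for (const key of Object.keys(DEFAULTS)) {
      if (src[key] !== undefined) cfg[key] = src[key];
    }
  }
  return cfg;
}

// Assumption: only these literal values count as loopback (simplified check).
const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost']);

// Report settings that matter once other hosts can reach the server.
function auditConfig(cfg) {
  const findings = [];
  const exposed = !LOOPBACK.has(cfg.address);
  if (cfg.vanilla !== true) {
    findings.push({
      option: 'vanilla',
      severity: exposed ? 'high' : 'medium',
      detail: 'benchmark code is not restricted to pure JavaScript (require(), process are reachable)',
    });
  }
  if (exposed) {
    findings.push({ option: 'address', severity: 'info',
      detail: `listening on ${cfg.address}, reachable from other hosts` });
  }
  if (cfg.port < 1024) {
    findings.push({ option: 'port', severity: 'info',
      detail: 'ports below 1024 usually need elevated privileges on Unix-like systems' });
  }
  return findings;
}

// Constructed sample: a config file that disables vanilla, with --port given on the command line.
const sampleConfig = resolveConfig({ vanilla: false, port: 8080 }, { port: 9000 });
for (const f of auditConfig(sampleConfig)) {
  console.log(`[${f.severity}] ${f.option}: ${f.detail}`);
}
```

With the defaults alone the audit reports only the two informational findings (all-interface address and port 80); a "high" finding appears only when vanilla is disabled on a non-loopback address.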
Add support for async ("deferred") option for benchmarks
Better WebSocket error handling
Add per-benchmark timeout configuration option
Ability to easily share benchmark results (can load from/save to gist right now, but no easy way to discover benchmarks)
Add support for remote targets (e.g. via ssh) for multi-platform benchmarking
Tests
FAQs
Benchmark JavaScript code across different node.js/io.js versions from the browser
We found that benchd demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.