bin-init
Readme
The init process, typically /sbin/init, is a long-lived process started by the kernel during boot.
Init is responsible for starting system daemons such as sshd, getty, and dhcp.
On Ubuntu the init daemon is Upstart.
Upstart, like most init daemons, has the concept of a system runlevel numbered 0-5.
When init starts, it uses the runlevel to decide how to boot the system.
The startup sequence involves parsing files in /etc/rcX.d, /etc/init, and /etc/init.d.
The node-os init daemon takes a different approach. The init daemon does nothing except basic job control.
It runs an HTTP server on 127.0.0.1:1 that can be used to start and stop jobs.
GET /jobs <-- list all jobs
POST /job <-- start a job
PUT /job/:id <-- start a job with a specific name
PUT /job/:id/sig/:sig <-- signal a process
GET /job/:id <-- get job info
DELETE /job/:id <-- clear a stopped job
Starting a job requires a JSON payload:
{
  "exec": "node",
  "args": [ "server.js" ],
  "cwd" : "/var/www",
  "envs": {
    "PORT": "80",
    "PATH": "/bin:/root/bin"
  },
  "user": "www",
  "group": "www"
}
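As an added example (not part of the bin-init README or code base), the following JavaScript lints a job payload of the shape shown above before it is sent to init, then builds the matching POST /job or PUT /job/:id request. The rule set, the function names lintJobSpec and buildStartRequest, and the Content-Type header are assumptions of this example, not documented bin-init behaviour.

```javascript
// Added example, not bin-init code. The lint rules are this example's own policy.
const isStr = (v) => typeof v === 'string' && v.length > 0;
const isAbs = (p) => typeof p === 'string' && p.startsWith('/');

// Returns a list of findings; an empty list means the spec passed every check.
function lintJobSpec(spec) {
  const findings = [];
  if (!isStr(spec.exec)) findings.push('exec: must be a non-empty string');
  if (!Array.isArray(spec.args) || !spec.args.every((a) => typeof a === 'string'))
    findings.push('args: must be an array of strings');
  if (!isAbs(spec.cwd)) findings.push('cwd: must be an absolute path');
  for (const field of ['user', 'group']) {
    if (!isStr(spec[field])) findings.push(`${field}: must be set explicitly`);
    else if (spec[field] === 'root' || spec[field] === '0')
      findings.push(`${field}: job would run as root`);
  }
  const envs = spec.envs || {};
  for (const [name, value] of Object.entries(envs)) {
    if (typeof value !== 'string') findings.push(`envs.${name}: value must be a string`);
  }
  // A relative or empty PATH entry lets the working directory decide which binary runs.
  if (typeof envs.PATH === 'string') {
    for (const dir of envs.PATH.split(':')) {
      if (!isAbs(dir)) findings.push(`envs.PATH: non-absolute entry "${dir}"`);
    }
  }
  // Assumption: a bare command name is looked up via PATH, so PATH should be pinned.
  if (isStr(spec.exec) && !spec.exec.includes('/') && typeof envs.PATH !== 'string')
    findings.push('exec: bare command name without an explicit envs.PATH');
  return findings;
}

// Builds http.request() options and body: POST /job, or PUT /job/:id for a named job.
function buildStartRequest(spec, id) {
  const findings = lintJobSpec(spec);
  if (findings.length) throw new Error('job spec rejected: ' + findings.join('; '));
  const body = JSON.stringify(spec);
  return {
    options: {
      host: '127.0.0.1',
      port: 1,
      method: id ? 'PUT' : 'POST',
      path: id ? `/job/${encodeURIComponent(id)}` : '/job',
      // Content-Type is an assumption of this example; the README does not name headers.
      headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) },
    },
    body,
  };
}
```

The README's own payload passes every check; a spec with a relative cwd, a root user or a "." entry in PATH is rejected before any request is built.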
Todo
init [next command and args]
After init starts its HTTP server, it passes the task of booting the system off to another process. You specify the next process by passing the command to init during start. These parameters can, and should, be passed to init by grub.
The next command effectively decides what order to boot system daemons in.
The npkg command defined in node-os-npkg provides a nice interface between init and NodeJS packages installed on the system.
FAQs
node-os Init Daemon
The npm package bin-init receives a total of 3 weekly downloads. As such, bin-init popularity was classified as not popular.
We found that bin-init demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.