
bitbucketapi
#node-bitbucket
Simple api wrapper for calling the bitbucket api
Returns promises.
If the token fails with a 401, it will throw a boom error with code 511, so that end clients receiving errors can differentiate between 401s from your app and 401s from your own api.
If you give it a `client_id`, `client_secret`, and `refresh_token` it will attempt to use those to get a new token if the current one is found to be expired. If this happens the instance variable `token_refreshed` will be set to true, so you can test against that to see if the code that is using this module needs to update its own state.
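The refresh-and-retry behaviour described above, sketched as an added example that is not the package's own source. `RefreshingClient`, `UpstreamAuthError`, `send`, `refresh` and `demo` are hypothetical names, the transports are constructed fakes, the plain error class stands in for the boom error, and detecting expiry from a 401 response is an assumption.

```javascript
// Sketch of the flow the README describes; NOT the bitbucketapi source.
// `send` and `refresh` are hypothetical injected transports so this runs offline.
class UpstreamAuthError extends Error {
  constructor(message) {
    super(message);
    this.statusCode = 511; // the code the README says replaces an upstream 401
  }
}

class RefreshingClient {
  constructor(opts) {
    Object.assign(this, opts);
    this.token_refreshed = false;
  }

  async apiCall(request) {
    let res = await this.send(request, this.token);
    const canRefresh = Boolean(this.client_id && this.client_secret && this.refresh_token);
    if (res.status === 401 && canRefresh) {
      // Assumption: a 401 is how an expired token is detected.
      const fresh = await this.refresh(this.client_id, this.client_secret, this.refresh_token);
      if (fresh) {
        this.token = fresh;
        this.token_refreshed = true;
        if (this.token_refresh_function) this.token_refresh_function(fresh);
        res = await this.send(request, this.token); // retry once, never loop
      }
    }
    // Keep the token and client_secret out of the error message.
    if (res.status === 401) throw new UpstreamAuthError('Bitbucket rejected the stored credentials');
    return res.body;
  }
}

// Constructed fake upstream: only 'new-token' is accepted.
const fakeSend = async (request, token) =>
  token === 'new-token' ? { status: 200, body: { path: request.path } } : { status: 401, body: null };
const fakeRefresh = async (id, secret, rt) => (rt === 'good-refresh' ? 'new-token' : null);

async function demo(refresh_token) {
  const saved = []; // stands in for the caller's own token store
  const client = new RefreshingClient({
    token: 'expired-token', refresh_token, client_id: 'id', client_secret: 'secret',
    token_refresh_function: (t) => saved.push(t), send: fakeSend, refresh: fakeRefresh });
  try {
    const body = await client.apiCall({ path: '/user' });
    return { ok: true, body, refreshed: client.token_refreshed, saved };
  } catch (err) {
    return { ok: false, statusCode: err.statusCode, refreshed: client.token_refreshed, saved };
  }
}
```

A caller that stores tokens has to persist the value passed to `token_refresh_function`, otherwise the next process start reuses the expired token and repeats the refresh.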
###examples
```js
const BitBucketApi = require('bitbucketapi');
const bitbucket = new BitBucketApi({
  token: 'required oauth token',
  refresh_token: 'optional refresh token',
  client_id: 'optional client_id',
  client_secret: 'optional client secret',
  token_refresh_function: function (new_token) {
    // If defined, this function will be called with the value of a new token if one is generated
    // You can use it to update your local state if you need.
  }
});
// Call an endpoint; the result is a promise
return bitbucket.apiCall({ path: '/user' });
```

```js
const BitBucketApi = require('bitbucketapi');
const bitbucket = new BitBucketApi({
  token: 'oauth token'
});
return bitbucket.apiCall({ path: `/repositories/cool_user`, query: { role: 'member' } }).then((repos) => {
  // Fetch the second page when there is one and merge both pages
  if (bitbucket.hasNextPage(repos)) {
    return bitbucket.apiCall({ next: repos.next }).then((nextRepos) => {
      return repos.values.concat(nextRepos.values);
    });
  }
  // bitbucket.token_refreshed will be true here if a new token was retrieved
  return repos.values;
});
```
We found that bitbucketapi demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.