Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A tiny wrapper for BorgBackup to automate your backup workflow
Please note borgjs needs you to run node >=6 and has been tested using borg
borgjs is a nodejs command line tool for BorgBackup.
After having tried a lot of backup solutions for my data, I've been using Borg for quite a while. It's rock solid and never let me down. It supports compression, de-duplication and encryption.
Backups should be as boring as possible, that's why I've created this tool in order to automate and constantly monitor the whole process, making it a little bit more user friendly.
Instead of writing complex bash scripts you can now just write a declarative configuration file, run borgjs in a crontab and forget about it.
It will take care of your backup workflow, sending you status reports through different possible channels.
onFinish
hook to do anything you want after finishing a backup.In order to use borgjs, you need to configure borg before. This is an easy step, just follow the installation guide on the borg website.
Initialize an empty borg repository (for more details see the borg quickstart guide)
$ borg init /path/to/repo
Install borgjs globally
$ npm i -g borgjs
Running a backup is as easy as creating a borg repository and run
$ borgjs -c /User/me/borgjs.config.js
or
$ borgjs $(date +%Y-%m-%d-%H%M%S) -c /User/me/borgjs.config.js >> /Users/me/logs/$(date +%Y-%m-%d-%H%M%S).log
in case you want to specify the archive name and log to a file (useful if you run in as a cronjob).
$ borgjs --help
A tiny wrapper for BorgBackup to automate your backup workflow
Usage
$ borgjs <archive><options>
Options
-c, --config config file path
Examples
# run borgjs
$ borgjs -c=/User/me/borgjs.config.js
#run borgjs specifying the archive name, and log output to a file
$ borgjs $(date +%Y-%m-%d-%H%M%S) -c /path/to/your/borgjs.config.js >> $(date +%Y-%m-%d-%H%M%S).log
You can also use borgjs programmatically:
const borgjs = require('borgjs')
const config = {
repository: '/Users/arny/Desktop/test/',
paths: [
'/Volumes/External/'
]
}
const archiveName = new Date().toString()
borgjs(config, archiveName)
.then(() => console.log('success'))
.catch((err) => console.log('error', err))
onFinish
hookBy defining an onFinish
callback function in the configuration file, it's possible to run any arbitrary code when a backup finishes.
// the config file
module.exports = {
onFinish: function (err, data, done) {
if (err) {
console.log('An error happened', err)
} else {
console.log(`Archive ${data.archiveName} created.`)
}
// invoke the done callback to let the process terminate properly
done()
}
}
It's possible to use the onFinish
callback to send emails or notifications about the executed backup (see the paragraph below for an example)
module.exports = {
// Specify an alternative absolute path for the borg executable
// defaults to the one in $PATH
// borgPath: '',
// Borg repository path
// can be remote or local
// see http://borgbackup.readthedocs.io/en/stable/usage.html#borg-init
// e.g. '/Users/me/Desktop/borg_backup' or 'user@myserver.cc:borg_backup'
repository: '', // MANDATORY
// An array of absolute paths to include in the backup
// paths that do not exist will be excluded (useful when a network share is not mounted)
paths: [ // MANDATORY
// '/Users/me',
// '/etc
],
// An array of files/directories to exclude from backup
// exclude: [
// '*/node_modules',
// '*.DS_Store'
// ],
// A prefix for backup archives
// archivePrefix: 'backup-',
// Create backup archive
// Use the options array to pass any options supported by borg create
// See https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create
create: {
options: [
'--compression', 'lz4',
'--filter', 'AME?'
]
},
// Check repo consistency
// Use the options array to pass any options supported by borg check
// See https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check
// check: {
// options: []
// },
// Retention policy for pruning old backups
// Use the options array to pass any options supported by borg prune
// https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
// prune: {
// options: [
// '-d', 30,
// '-w', 30,
// '--keep-within', '31d'
// ]
// }
// Set the following environment variables
// See https://borgbackup.readthedocs.io/en/stable/usage.html#environment-variables
env: {
BORG_REMOTE_PATH: 'borg1',
BORG_PASSPHRASE: 'passphrase'
},
// the onFinish callback
onFinish: function (err, data, done) {
const message = err
? 'the backup failed'
: `the archive ${data.archiveName} has been created`
var execSync = require('child_process').execSync
const command = `
curl -s --user 'api:key-3ax6xnjp29jd6fds4gc373sgvjxteol0' \
https://api.mailgun.net/v3/samples.mailgun.org/messages \
-F from='Excited User <excited@samples.mailgun.org>' \
-F to='devs@mailgun.net' \
-F subject='Hello from borgjs' \
-F text='${message}'
`
try {
execSync(command)
} catch () {}
// invoke the done callback to let the process terminate properly
done()
}
}
A backup is not a backup if it's not automated.
I personally use cronnix to schedule my backup sessions on my mac.
Borg can store data on any remote host accessible over SSH. If you prefer to store your offsite backup in some other fancy cloud storage, you can always backup to a local target, then upload it anywhere using rclone
I personally use rsync.net for my backup, they also apply dirt cheap pricing model to borg users. Please note I'm not affiliated with them, I'm just an happy paying customer.
This project adheres to Semantic Versioning.
Every release, along with the migration instructions, is documented in the CHANGELOG.md file.
MIT
FAQs
📦 A tiny wrapper for BorgBackup to automate your backup workflow
The npm package borgjs receives a total of 4 weekly downloads. As such, borgjs popularity was classified as not popular.
We found that borgjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.