bower-registry-client
Provides easy interaction with the Bower registry
$ npm install --save bower-registry-client
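var RegistryClient = require('bower-registry-client');
var Config = require('bower-config');
// `options` holds the constructor options listed below and must be defined by the caller
var config = Config.read(process.cwd(), options);
// `logger` is optional (see below)
var registry = new RegistryClient(config, logger);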
The logger is optional and is expected to be an instance of the bower logger.
Available constructor options:
cache: the cache folder to use for some operations; using null will disable persistent cache (defaults to bower registry cache folder)
registry.search: an array of registry search endpoints (defaults to the Bower server)
registry.register: the endpoint to use when registering packages (defaults to the Bower server)
registry.publish: the endpoint to use when publishing packages (defaults to the Bower server)
ca.search: an array of CA certificates for each registry.search (defaults to null).
ca.register: the CA certificate for registry.register
ca.publish: the CA certificate for registry.publish
proxy: the proxy to use for http requests (defaults to null)
httpsProxy: the proxy to use for https requests (defaults to null)
strictSsl: whether or not to do SSL key validation when making requests via https (defaults to true).
userAgent: the user agent to use for the requests (defaults to null)
timeout: the timeout for the requests to finish (defaults to 60000)
force: If set to true, cache will be bypassed and remotes will always be hit (defaults to false).
offline: If set to true, only the cache will be used (defaults to false).
Note that force and offline are mutually exclusive.
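Several of the options above decide whether registry traffic is authenticated, so it is worth checking an options object before handing it to the constructor. The following is an added example, not code from bower-registry-client: auditRegistryConfig, the sample configuration and the example.test hosts are hypothetical, and it assumes ca.search holds one entry per registry.search endpoint.

```javascript
// Added example; auditRegistryConfig is a hypothetical helper, not part of bower-registry-client.
function auditRegistryConfig(config) {
  const findings = [];
  const registry = config.registry || {};
  const ca = config.ca || {};
  // strictSsl defaults to true, so only an explicit false turns validation off.
  if (config.strictSsl === false) {
    findings.push('strictSsl is false: certificates are not validated on https requests');
  }

  // registry.search is an array; registry.register and registry.publish are single endpoints.
  const endpoints = [].concat(registry.search || [], registry.register || [], registry.publish || []);
  for (const endpoint of endpoints) {
    let url;
    try {
      url = new URL(endpoint);
    } catch (err) {
      findings.push('endpoint is not a valid URL: ' + endpoint);
      continue;
    }
    if (url.protocol !== 'https:') {
      findings.push('endpoint does not use https: ' + url.origin);
    }
    if (url.username || url.password) {
      findings.push('endpoint embeds credentials: ' + url.origin);
    }
  }

  // Assumption: ca.search carries one entry per registry.search endpoint.
  if (Array.isArray(ca.search) && Array.isArray(registry.search) &&
      ca.search.length !== registry.search.length) {
    findings.push('ca.search has ' + ca.search.length + ' entries for ' +
      registry.search.length + ' search endpoints');
  }

  // force and offline are mutually exclusive.
  if (config.force && config.offline) {
    findings.push('force and offline are both set');
  }
  return findings;
}

// Constructed sample options, not taken from a real project.
const weakConfig = {
  registry: { search: ['http://registry.example.test', 'https://mirror.example.test'] },
  ca: { search: [null] },
  strictSsl: false, force: true, offline: true
};
console.log(auditRegistryConfig(weakConfig));
```

An empty findings array means none of these checks fired; it does not vouch for the registry itself.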
The cache will speed up operations such as list, lookup and search.
Different operations may have different cache expiration times.
Looks up the package name in the registry.
registry.lookup('jquery', function (err, entry) {
    if (err) {
        console.error(err.message);
        return;
    }
    // For now entry.type is always 'alias'
    console.log('type', entry.type);
    console.log('url', entry.url);
});
Registers a package in the registry.
registry.register('my-package', 'git://github.com/my-org/my-package.git', function (err, pkg) {
    if (err) {
        console.error(err.message);
        return;
    }
    console.log('name', pkg.name);
    console.log('url: ', pkg.url);
});
Searches the registry.
registry.search('jquery', function (err, results) {
    if (err) {
        console.error(err.message);
        return;
    }
    results.forEach(function (pkg) {
        console.log('name', pkg.name);
        console.log('url', pkg.url);
    });
});
Clears the persistent and runtime cache associated with the package name.
If name is null, clears the cache for every package.
Note that in most cases you don't need to clear the cache, since its entries expire on their own.
// Clear jquery cache
registry.clearCache('jquery', function (err) {
    if (err) {
        console.error(err.message);
        return;
    }
    console.log('Done');
});
// Clear all cache
registry.clearCache(function (err) {
    if (err) {
        console.error(err.message);
        return;
    }
    console.log('Done');
});
Clears the in-memory cache used to speed up the instance.
Note that in most cases you don't need to clear the runtime cache, since its entries expire on their own. It might be useful if you use this module in long-living programs.
registry.resetCache();
Clears the in-memory cache used to speed up the whole module. This clears the static in-memory cache as well as in-memory cache used by instances.
Note that in edge cases, some instances' in-memory caches might be skipped. If that's a problem, you should create fresh instances instead.
RegistryClient.clearRuntimeCache();
Released under the MIT License.
FAQs
The npm package bower-registry-client receives a total of 18,539 weekly downloads. As such, bower-registry-client popularity was classified as popular.
We found that bower-registry-client demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.