byu-group-mem
Validates the group membership of a person
configuration - this is an object with the following properties:
The middleware will return a JSON-formatted error response to the client if one of these errors occurs. It will continue to the next middleware if the person ID found in the JWT verification step is found in the specified BYU group membership.
First you must utilize the byu-jwt package that facilitates the JWT verification for BYU. The request headers that are passed in to this function must supply the JWT authentication token in the established manner. You must also supply the well-known-url as the second parameter.
Next you must supply the byu-group-mem middleware function with the proper object and properties.
const express = require('express');
const byuJWT = require('byu-jwt');
const AuthenticationError = byuJWT.AuthenticationError;
const wso2 = require('byu-wso2-request');
const meta = require('meta-ngin');
const verify_group_mem = require('byu-group-mem');

const WELLKNOWN_URL = 'https://api.byu.edu/well-known-stuff/';
const app = express();

// Supply your WSO2 client credentials (left blank here).
const clientKey = '';
const clientSecret = '';
wso2.setOauthSettings({clientKey: clientKey, clientSecret: clientSecret, wellKnownUrl: WELLKNOWN_URL});

// Step 1: verify the JWT and attach the verified result to the request.
app.use((req, res, next) => {
    byuJWT.authenticate(req.headers, WELLKNOWN_URL)
        .then(verifiedJWTs => {
            req.verifiedJWTs = verifiedJWTs;
            next();
        })
        .catch(err => {
            if (err instanceof AuthenticationError) {
                return res.status(401).send(meta(401, err.message));
            }
            console.error(new Date().toISOString(), 'Unexpected error when determining authentication:\n', err);
            return res.status(500).send(meta(500, 'Error determining authentication'));
        });
});

// Step 2: check group membership for the person identified in step 1.
app.use(verify_group_mem({
    wso2_request_instance: wso2,
    group_name: 'identity-codes-admin',
    // Builds the JSON error body returned to the client.
    handler: (code, error) => {
        return {'my-metadata': meta(code, error)};
    }
}));

app.use('/', function () {
    // Handle all other api calls
});

app.listen(3000, function () {
    console.log('Starting server');
});
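The behaviour described above (a JSON error on failure, `next()` only for a verified group member) amounts to a fail-closed authorization gate. The sketch below is an added example, not byu-group-mem's source: `requireGroup`, `lookup`, `getPersonId`, `fakeRes`, `runGate` and the 401/403/500 status codes are assumptions made for illustration.

```javascript
// Added sketch, not byu-group-mem's source. All names below are hypothetical.
// lookup(personId, group) stands in for the real group-membership API call
// and must resolve to true or false.
function requireGroup({ group, lookup, getPersonId, handler }) {
  const deny = (res, code, msg) => res.status(code).json(handler(code, msg));
  return async function groupGate(req, res, next) {
    // No verified identity on the request: the JWT step did not run or failed.
    const personId = getPersonId(req);
    if (typeof personId !== 'string' || personId === '') {
      return deny(res, 401, 'No verified identity');
    }
    let isMember;
    try {
      isMember = await lookup(personId, group);
    } catch (err) {
      // A failed lookup is not proof of membership: deny, never call next().
      return deny(res, 500, 'Error determining group membership');
    }
    // Strict comparison so a truthy string or error object cannot pass.
    if (isMember !== true) {
      return deny(res, 403, 'Not a member of ' + group);
    }
    return next();
  };
}

// Constructed test double for an Express response object.
function fakeRes() {
  return {
    code: null, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
}

// Runs the gate against one constructed request and reports the outcome.
async function runGate(personId, lookup) {
  const gate = requireGroup({
    group: 'identity-codes-admin',
    lookup,
    getPersonId: (req) => req.personId,
    handler: (code, error) => ({ code, error }),
  });
  const res = fakeRes();
  let passed = false;
  await gate({ personId }, res, () => { passed = true; });
  return { passed, code: res.code };
}
```

The gate has to be registered after the JWT middleware, since it trusts only the identity that step attached to the request.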
FAQs
The npm package byu-group-mem receives a total of 2 weekly downloads. As such, byu-group-mem popularity was classified as not popular.
We found that byu-group-mem demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.