Command line tools to encode and parse data in the Concise Binary Object Representation (CBOR) data format (RFC7049).
A command-line interface for encoding and parsing data in the Concise Binary Object Representation (CBOR) data format (RFC7049).
This project now only supports versions of Node that the Node team is currently supporting. Ava's support statement is what we will be using as well. Currently, that means Node 10+ is required. If you need to support an older version of Node (back to version 6), use cbor version 5.2.x, which will get nothing but security updates from here on out.
$ npm install -g cbor-cli
There is a full API that this library depends on.
For all of these tools, if a hex string is not specified, or if the file name provided is -, they will read from stdin and write to stdout.
From the command line:
cbor
$ cbor.js -h
Usage: cbor [options]
Options:
-V, --version output the version number
-c, --color Force color output even if stdout is not a TTY
-t, --type <type> Output type (one of: javascript, diagnose, comment) (default: "javascript")
-h, --help display help for command
Starts a Read, Edit, Print Loop (REPL), with the cbor package and all of its symbols already available. Almost everything you do in the REPL will also output the CBOR encoding of the result in hex, after the normal result.
cbor2comment
$ cbor2comment -h
Usage: cbor2comment [options] <file ...>
Options:
-V, --version output the version number
-x, --hex <string> Hex string input
-t, --tabsize [spaces] Indent amount
-h, --help display help for command
Convert the given file or hex string into the CBOR comment format. This is useful for understanding what each byte means.
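To show what a per-byte breakdown of CBOR involves, here is an added example (not code from cbor-cli or the cbor package) of a simplified annotator that decodes each item head and rejects truncated or over-long input. The function names, the output layout and the sample hex strings are this example's own assumptions; indefinite-length items are not handled.

```javascript
'use strict';
// Added example: simplified CBOR annotator. Output layout is this example's
// own, not the format printed by cbor2comment. Sample inputs are constructed.
const MAJOR = ['unsigned', 'negative', 'bytes', 'text', 'array', 'map', 'tag', 'simple'];
const MAX_DEPTH = 32; // assumption: refuse pathological nesting in untrusted input

// Read one item head: major type (top 3 bits) and argument (RFC 8949, section 3).
function readHead(buf, pos) {
  if (pos >= buf.length) throw new RangeError(`truncated: item expected at offset ${pos}`);
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  if (info < 24) return { major, info, arg: info, len: 1 };
  if (info > 27) throw new RangeError(`additional info ${info} not handled (offset ${pos})`);
  const n = 1 << (info - 24); // 1, 2, 4 or 8 argument bytes follow the initial byte
  if (pos + 1 + n > buf.length) throw new RangeError(`truncated argument at offset ${pos}`);
  let arg = 0; // note: 8-byte arguments above 2^53 lose precision here
  for (let i = 1; i <= n; i++) arg = arg * 256 + buf[pos + i];
  return { major, info, arg, len: 1 + n };
}

// Return one annotated line per data item, indented by nesting depth.
function annotate(hex) {
  if (!/^(?:[0-9a-f]{2})+$/i.test(hex)) throw new TypeError('expected an even-length hex string');
  const buf = Buffer.from(hex, 'hex');
  const lines = [];
  let pos = 0;
  const item = (depth) => {
    if (depth > MAX_DEPTH) throw new RangeError('nesting too deep');
    const h = readHead(buf, pos);
    const start = pos;
    pos += h.len;
    let note = MAJOR[h.major], children = 0;
    if (h.major === 0) note += ` ${h.arg}`;
    else if (h.major === 1) note += ` ${-1 - h.arg}`;
    else if (h.major === 2 || h.major === 3) {
      // The declared length comes from the input: check it before slicing.
      if (h.arg > buf.length - pos) throw new RangeError(`string overruns input at offset ${start}`);
      const body = buf.subarray(pos, pos + h.arg);
      pos += h.arg;
      note += h.major === 3 ? ` ${JSON.stringify(body.toString('utf8'))}` : ` h'${body.toString('hex')}'`;
    } else if (h.major === 4) { note += ` of ${h.arg} items`; children = h.arg; }
    else if (h.major === 5) { note += ` of ${h.arg} pairs`; children = 2 * h.arg; }
    else if (h.major === 6) { note += ` ${h.arg}`; children = 1; }
    else note = h.info > 24 ? 'float (raw bits in head)' : `simple(${h.arg})`;
    lines.push(`${'  '.repeat(depth)}${buf.toString('hex', start, pos)}  -- ${note}`);
    for (let i = 0; i < children; i++) item(depth + 1);
  };
  while (pos < buf.length) item(0);
  return lines;
}
```

Calling annotate('a2616101616282026163') yields seven lines, starting with the map head a2 and ending with the nested text item 6163.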
cbor2diag
$ cbor2diag -h
Usage: cbor2diag [options] <file ...>
Options:
-V, --version output the version number
-x, --hex <STRING> Hex string input
-h, --help display help for command
Convert the given file or hex string into the CBOR diagnostic format. This is useful for getting a slightly more nuanced view into what CBOR came in on the wire than you would if you turned it all the way into javascript.
cbor2js
$ cbor2js -h
Usage: cbor2js [options] <file ...>
Options:
-V, --version output the version number
-x, --hex <STRING> Hex string input
-H, --hidden Include non-enumerable symbols and properties
-h, --help display help for command
Convert the given file or hex string into javascript objects, then use util.inspect to format them for consumption. This usually gives a much better idea of type information, and is easier to read than JSON.
cbor2json
$ cbor2json -h
Usage: cbor2json [options] <file ...>
Options:
-V, --version output the version number
-x, --hex <STRING> Hex string input
-h, --help display help for command
Convert the given file or hex string into JSON. This loses type information, but does the best it can if you want interoperability with existing JSON tooling. For example, JSON can't express Dates, so they are output as ISO 8601 strings.
js2cbor
$ js2cbor -h
Usage: js2cbor [options] <file ...>
Options:
-V, --version output the version number
-x, --hex Hex string output
-c, --canonical Canonical output
-h, --help display help for command
Read the input files or stdin as if it were a commonjs package
json2cbor
$ json2cbor -h
Usage: json2cbor [options] <file ...>
Options:
-V, --version output the version number
-x, --hex Hex string output
-c, --canonical Canonical output
-h, --help display help for command
Converts the given JSON or JSON Text Sequence file into binary CBOR. If -x is given, instead outputs a hex-encoded version of the CBOR.
FAQs
Command line tools to encode and parse data in the Concise Binary Object Representation (CBOR) data format (RFC8949).
The npm package cbor-cli receives a total of 533 weekly downloads. As such, cbor-cli popularity was classified as not popular.
We found that cbor-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.