Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
cdk-tweet-queue
Advanced tools
This is an AWS CDK construct library which allows you to get a feed of Twitter search results into an SQS queue. It works by periodically polling the freely available Twitter Standard Search API and sending all new tweets to an SQS queue.
Inspired by @jlhood's aws-serverless-twitter-event-source
To issue a Twitter search request, you will need to apply for a Twitter developer account, and obtain API keys through by defining a new application.
The Twitter API keys are read by the poller from an AWS Secrets
Manager entry. The entry must contain
the following attributes: consumer_key
, consumer_secret
, access_token_key
and access_token_secret
(exact names).
Use npm
to install the module in your CDK project. This will also add it to
your package.json
file.
$ npm install cdk-tweet-queue
Add a TweetQueue
to your CDK stack:
import { TweetQueue } from 'cdk-tweet-queue';
const queue = new TweetQueue(this, 'TweetStream', {
// this is the ARN of the secret you stored
secretArn: 'arn:aws:secretsmanager:us-east-1:1234567891234:secret:xxxxxxxxx'
// twitter search query
// see https://developer.twitter.com/en/docs/tweets/search/guides/standard-operators
query: '#awscdk',
// optional properties
intervalMin: 60, // optional: polling interval in minutes
retentionPeriodSec: 60, // optional: queue retention period
visibilityTimeoutSec: 60, // optional: queue visilibity timeout
});
Now, queue
is an sqs.Queue
object and can be used anywhere a queue is
accepted. For example, you could process the queue messages using an AWS Lambda
function by setting up an SQS event source mapping.
This is a mono-repo which uses lerna. Here are some useful commands:
lerna run build
- builds all codelerna run watch --stream
-- runs tsc -w
in all modules (in parallel)lerna run test
- tests all codeThere is also an integration test that can be executed from the cdk-tweet-queue
package by running the following commands. You will need to set the
TWEET_QUEUE_SECRET_ARN
environment variable in order for the test to be able
to use your Twitter API keys.
$ npm run integ deploy
...
Don't forget to destroy:
$ npm run integ destroy
...
Apache-2.0
FAQs
Defines an SQS queue with tweet stream from a search
The npm package cdk-tweet-queue receives a total of 265 weekly downloads. As such, cdk-tweet-queue popularity was classified as not popular.
We found that cdk-tweet-queue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.