Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
cdk-tweet-queue
Advanced tools
This is an AWS CDK construct library which allows you to get a feed of Twitter search results into an SQS queue. It works by periodically polling the freely available Twitter Standard Search API and sending all new tweets to an SQS queue.
Inspired by @jlhood's aws-serverless-twitter-event-source
To issue a Twitter search request, you will need to apply for a Twitter developer account, and obtain API keys through by defining a new application.
The Twitter API keys are read by the poller from an AWS Secrets
Manager entry. The entry must contain
the following attributes: consumer_key
, consumer_secret
, access_token_key
and access_token_secret
(exact names).
Use npm
to install the module in your CDK project. This will also add it to
your package.json
file.
$ npm install cdk-tweet-queue
Add a TweetQueue
to your CDK stack:
import { TweetQueue } from 'cdk-tweet-queue';
const queue = new TweetQueue(this, 'TweetStream', {
// this is the ARN of the secret you stored
secretArn: 'arn:aws:secretsmanager:us-east-1:1234567891234:secret:xxxxxxxxx'
// twitter search query
// see https://developer.twitter.com/en/docs/tweets/search/guides/standard-operators
query: '#awscdk',
// optional properties
intervalMin: 60, // optional: polling interval in minutes
retentionPeriodSec: 60, // optional: queue retention period
visibilityTimeoutSec: 60, // optional: queue visilibity timeout
});
Now, queue
is an sqs.Queue
object and can be used anywhere a queue is
accepted. For example, you could process the queue messages using an AWS Lambda
function by setting up an SQS event source mapping.
The project is managed by projen and offers the following commands:
yarn projen
- Synthesize the project configuration.yarn compile
- Compile all source code.yarn test
- Run all tests.yarn build
- Complie, test, and package the module.There is also an integration test that can be executed by running the following commands. You will need to set the TWEET_QUEUE_SECRET_ARN
environment variable in order for the test to be able to use your Twitter API keys.
$ yarn integ:deploy
Don't forget to destroy:
$ yarn integ:destroy
You can also run any cdk command on the integration test application by running:
yarn integ <command>
Apache-2.0
FAQs
Defines an SQS queue with tweet stream from a search
The npm package cdk-tweet-queue receives a total of 265 weekly downloads. As such, cdk-tweet-queue popularity was classified as not popular.
We found that cdk-tweet-queue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.