Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
civicrm-cli
Advanced tools
This program allows you to search your civicrm contacts and print the result, from the comfort of your shell. After you install it globally, it creates a program *civicrm" you can call from the cli.
I wrote it because it's faster to type $civicrm Xavier than going to a browser, authenticating, going to /civicrm and type on the search tool on the top left to get contact detail
you can have several civicrm sites you can query
##installation $sudo npm -g install civicrm-cli
##configuration The configuration file contains all the key and api_keys of your site and is stored in ~/.config/civicrm.json
The needed parameters (site url, key, api_key) are going to be prompted the first time you run the program or when you run $civicrm setup
you can as well provide them from the command line $civicrm setup -s example --server=https://example.org --key=yoursitekey --api_key=theapikeyofyouruser
##usage $civicrm -s example xavier --> return the list of matching contacts 42: Dutoit, Xavier
$civicrm -s example view 42
Xavier Dutoit
+41 22 123 45 67
demo@example.org
$civicrm -s example csv xavier > xavier.csv
FAQs
Command line interface to civicrm. moslty searches now
We found that civicrm-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.