Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
cloud-bucket
Advanced tools
Readme
Simple cross cloud (for now GCP and AWS) bucket API.
Current Features:
Roadmap:
npm install cloud-bucket
import {getBucket} from 'cloud-bucket';
// For AWS S3 (or minio)
const bucketCfg = {
bucketName: '_BUCKET_NAME_',
access_key_id: "_AWS_ACCESS_KEY_ID_",
access_key_secret: "_AWS_ACCESS_KEY_SECRET_",
minio_endpoint: "http://localhost:9000" // for minio (for mock s3)
};
// for google bucket
const bucketCfg = {
bucketName: '_BUCKET_NAME_',
project_id: '_GOOGLE_PROJECT_ID_NAME_',
client_email: '_GOOGLE_SERVICE_ACCOUNT_EMAIL_',
private_key: '-----BEGIN PRIVATE KEY-----\n_GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY_WITH_NEW_LINE_\n-----END PRIVATE KEY-----'
}
const bucket = await getBucket(bucketCfg);
//// Uploads
const file = await bucket.getFile('/some-file.txt');
// Return BucketFile or null if not found, throws exception if other error.
// upload to a folder
const remoteFiles = await bucket.upload('./some-file.txt', 'in-this-folder/');
// [{Bucket:...,
// path: 'in-this-folder/some-file.txt',
// size: 34, // size in bytes
// local: './some-file.txt' // only present for upload/download
// }]
// will upload to a specific name
const remoteFiles = await bucket.upload('./some-file.txt', 'in-this-folder/new-name.txt');
// upload a full folder remotely (recursive)
const remoteFiles = await bucket.upload('./some-dir/', 'remote-base-dir/');
//// List
const files = await bucket.listFiles();
// files: File[] (all files contained in this bucket, no pagination yet)
const files = await bucket.listFiles('in-this-folder/', {limit: 300});
// files: File[] (only file with the prefix 'in-this-folder/) and only the first 300;
const files = await bucket.listFiles('in-this-folder/**/*.txt');
// files: File[] (only file with the prefix 'in-this-folder/ and matching the glob);
// Note: Glob processing happen on the nodejs side.
// More result info by calling the list method.
const listResult = await bucket.list('in-this-folder/', {directory: true});
// {files: BucketFile[], dirs?: string[], nextMarker}
//// Download
const files = await bucket.download('in-this-folder/some-file.txt', './local-dir/');
// files: [{
// Bucket: ...,
// path: 'in-this-folder/some-file.txt',
// size: 34,
// local: `./local-dir/some-file.txt'
// }]
const files = await bucket.download('in-this-folder/**/*.txt', './local-dir/');
// Note: When glob as src, then, sub folder from the base path will be added in the local-dir
// files: [{
// Bucket: ...,
// path: 'in-this-folder/some-file.txt',
// size: 34,
// local: `./local-dir/some-file.txt'
// },{
// Bucket: ...,
// path: 'in-this-folder/sub-dir/another-file.txt',
// size: 34,
// local: `./local-dir/sub-dir/another-file.txt'
// },
//]
const deleted = await bucket.delete('some-file.txt');
// return true if deleted, false if not found, throws exception if other error.
FAQs
Simple multi cloud (Google Storage and AWS S3) bucket API
The npm package cloud-bucket receives a total of 8 weekly downloads. As such, cloud-bucket popularity was classified as not popular.
We found that cloud-bucket demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.