
Research
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.
collar-http-transport
Advanced tools
http transport for collar.js
First install it with npm:
npm install collar-http-transport --save
Listen to HTTP/HTTPS requests
Require it and create an HttpServerTransport instance
const express = require('express');
const app = express();
const HttpServerTransport = require('collar-http-transport').HttpServerTransport;
const transport = new HttpServerTransport(
app, // express app
{ // options
baseUrl: 'http://localhost:3333', // base url
url: '/double' // route to listen
}
)
Next, use it in the listen and resp operator
ns.listen('/double', transport)
.map('value x 2', s => {
let v = s.get('value');
return s.new({
value: v * 2
});
})
.resp('send response', transport);
send request
Require it and create an HttpClientTransport instance
const HttpClientTransport = require('collar-http-transport').HttpClientTransport;
const clientTransport = new HttpServerTransport(
{
baseUrl: 'http://localhost:3333', // base url
url: '/double' // route to send request to
}
)
Next, use it in the req operator
ns.input('input')
.req('request', clientTransport)
.do('check result', s => {
console.log(s.getResult());
})
download the js file in build folder and include it in your webpage
<script src="js/collar-http-transport.min.v0.1.0.js"></script>
In browser, only client transport is available
send request
Create an HttpClientTransport instance
const clientTransport = new HttpClientTransport({
baseUrl: 'http://localhost:3333', // base url
url: '/double' // route to send request to
})
Next, use it in the req operator
ns.input('input')
.req('request', clientTransport)
.do('check result', s => {
console.log(s.getResult());
})
FAQs
collar.js http transport
The npm package collar-http-transport receives a total of 6 weekly downloads. As such, collar-http-transport popularity was classified as not popular.
We found that collar-http-transport demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.

Product
Explore exportable charts for vulnerabilities, dependencies, and usage with Reports, Socket’s new extensible reporting framework.

Product
Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.