colour-challenge
The aim of the colour challenge is to create a script to randomly generate an RGB colour every hour and programmatically name it with an adjective + noun.
The challenge was created as a way to compare the syntax between languages with a commonly themed application.
This version is written in Node.js and available as a package to download from NPM.
The application follows MVC principles:
Model: ./lib/util.js. The data is stored within a JSON file.
View: ./views/log.mst, written in HTML5 using mustache templating.
Controllers: ./lib/add.js, ./lib/server.js and ./lib/clear.js
Each operation is accessed through ./lib/cli.js, which acts as the command line interface. They can also be accessed through ./bin/cli, which npm adds to the user's path as colour-challenge when installed.
To log the data hourly, colour-challenge add should be defined as a cron job.
The application requires Node.js and npm to be installed; instructions can be found at nodejs.org.
With Node installed, use the following to install the application globally.
npm install -g colour-challenge
Alternatively, install directly from the repository.
npm install -g https://github.com/StudioLE/node-colour-challenge.git
The app uses node-config so it's highly configurable. I recommend copying the ./config/default.json file to ./config/local.json and editing that so that your changes are not overwritten by future updates.
cd /usr/lib/node_modules/colour-challenge
cp config/default.json config/local.json
nano config/local.json
Add a single colour to the log
colour-challenge add
Add multiple colours to the log
colour-challenge add 10
Clear all previous logs
colour-challenge clear
Spin up a server to view the logs
colour-challenge server
To run the script on the hour every hour you will want to configure a cron job similar to the following:
0 * * * * colour-challenge add
Now you've seen how it's done why don't you take a shot in the language of your own choice? Or perhaps there's a framework you've been dying to try out? Give it a go and send us a link to your repository. The challenge is great for participants of all levels of experience.
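As a starting point for your own attempt, here is a sketch of the core of the challenge: generate a random RGB colour, name it with an adjective + noun, and add timestamped entries to a log. This is an added example, not the colour-challenge package's own code; the word lists, function names and log-entry shape are assumptions.

```javascript
// Added example: not the colour-challenge package's own code.
// Word lists and the log-entry shape are assumptions made for illustration.
const ADJECTIVES = ['dusty', 'vivid', 'pale', 'deep', 'quiet', 'bold'];
const NOUNS = ['harbour', 'meadow', 'ember', 'glacier', 'orchid', 'slate'];

// Pick an integer in [0, max) from an injectable source of floats in [0, 1).
function pick(max, rng) {
  return Math.floor(rng() * max);
}

// Generate one colour: three 0-255 channels, a hex string and a two-word name.
function randomColour(rng = Math.random) {
  const rgb = [pick(256, rng), pick(256, rng), pick(256, rng)];
  const hex = '#' + rgb.map((c) => c.toString(16).padStart(2, '0')).join('');
  const adjective = ADJECTIVES[pick(ADJECTIVES.length, rng)];
  const noun = NOUNS[pick(NOUNS.length, rng)];
  return { rgb, hex, name: `${adjective} ${noun}` };
}

// Append `count` timestamped entries to an in-memory log and return it,
// mirroring "add" and "add 10". The count may arrive as a CLI string,
// so it is parsed and validated before use.
function addToLog(log, count = 1, rng = Math.random, now = () => new Date()) {
  const n = Number.parseInt(count, 10);
  if (!Number.isInteger(n) || n < 1) {
    throw new RangeError(`count must be a positive integer, got ${count}`);
  }
  for (let i = 0; i < n; i += 1) {
    log.push({ ...randomColour(rng), time: now().toISOString() });
  }
  return log;
}

// Serialise the log the way a JSON data file would hold it.
function serialise(log) {
  return JSON.stringify(log, null, 2);
}
```

The random source and clock are parameters so the output can be reproduced in tests; writing the serialised log to disk is left to the caller.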
FAQs
A Node.js response to the colour code challenge
The npm package colour-challenge receives a total of 3 weekly downloads. As such, colour-challenge popularity was classified as not popular.
We found that colour-challenge demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.