compd (or composed) is a program that spawns a custom command while ensuring a docker-compose set of containers is running. It will wait for the containers to be started (and for the programs within them to be ready for requests, such as SQL databases), and (optionally) tear down the docker-composed containers afterwards. It forwards the exit code from the custom command, exiting with that same code after the containers have been stopped.

Ports that are only specified on the container side (i.e. without hard-coded host ports) are deduced, and environment variables are provided to the running command. If a docker-compose file has a service called "redis" with a container port 6379, an environment variable called REDIS_PORT_6379 will be created with the host port as its value. If only one port is exposed, a shortcut environment variable without the container port is provided too, e.g. REDIS_PORT.
Since 4.0, compd will also detect the docker host (see below) and set _HOST environment variables accordingly, e.g. REDIS_HOST, which is useful when the host is not localhost.
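As an added example (not compd's own code), the following JavaScript derives the environment variables described above from a docker-compose service map; the port-spec parsing, the hostPorts lookup and the sample services are assumptions constructed for illustration.

```javascript
// Added example, not compd's own code: derive the environment variables compd
// is described as providing, from a docker-compose service map plus the host
// ports Docker assigned. Naming (SERVICE_PORT_<containerPort>, a SERVICE_PORT
// shortcut when exactly one port, SERVICE_HOST) follows the text above.

// Parse one docker-compose "ports" entry. Accepts "6379", "5432:5432",
// "127.0.0.1:8080:80" and "6379/tcp". Returns { host, container } with
// host === null when only the container side is given (compd must deduce it).
function parsePortSpec(spec) {
  const noProto = String(spec).split('/')[0];
  const parts = noProto.split(':');
  const container = Number(parts[parts.length - 1]);
  const host = parts.length >= 2 ? Number(parts[parts.length - 2]) : null;
  const valid = (p) => Number.isInteger(p) && p >= 1 && p <= 65535;
  if (!valid(container) || (host !== null && !valid(host))) {
    throw new Error(`invalid port spec: ${spec}`);
  }
  return { host, container };
}

// Build the env var map for all services. hostPorts maps
// "service:containerPort" -> host port for container-only entries (a
// constructed stand-in for what Docker reports); a missing entry is reported,
// not silently skipped. Exporting hard-coded host ports too is an assumption.
function composeEnv(services, hostPorts, dockerHost = 'localhost') {
  const env = {};
  for (const [name, svc] of Object.entries(services)) {
    const prefix = name.toUpperCase().replace(/[^A-Z0-9]/g, '_');
    const specs = (svc.ports || []).map(parsePortSpec);
    for (const { host, container } of specs) {
      const resolved = host !== null ? host : hostPorts[`${name}:${container}`];
      if (resolved === undefined) {
        throw new Error(`no host port known for ${name}:${container}`);
      }
      env[`${prefix}_PORT_${container}`] = String(resolved);
      if (specs.length === 1) env[`${prefix}_PORT`] = String(resolved);
    }
    if (specs.length > 0) env[`${prefix}_HOST`] = dockerHost;
  }
  return env;
}

// Constructed sample: what a docker-compose.yaml might declare, and the host
// ports Docker happened to pick for the container-only entries.
const sampleServices = {
  redis: { ports: ['6379'] },
  postgres: { ports: ['5432', '9187:9187'] },
};
const sampleHostPorts = { 'redis:6379': 49153, 'postgres:5432': 49154 };
```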
Use compd by installing it globally:
npm install -g compd
# or with yarn
yarn global add compd
compd --file docker-compose.yaml my-app
or run it through npx:
npx compd --file docker-compose.yaml my-app
When running docker-in-docker in some setups, spinning up a container may not make it reachable on localhost, but on another IP. compd will (since 4.0) try to figure out this host by reading the DOCKER_HOST environment variable. If this doesn't work, you can pass --docker-host=host:1.2.3.4 or --docker-host=env:{envvar}, or ask compd to detect it (by reading /sbin/ip route or route -n) using --docker-host=route.

When all host ports are deduced from the container ports, compd starts scanning the ports to see if they are open. When they are, compd will try to deduce which known services are being run (such as a redis server, a Postgres server, etc.) and will use a different mechanism for each type of server to detect whether it is ready for requests. E.g. a Postgres port can be open while the server is not yet available for requests; it can take seconds for it to be ready.

The custom command won't be spawned until all ports with known servers are positively ready.
There is support for:
Run a command under a docker-compose setup
We found that compd demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.