Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
confortable
Confortable is a super lightweight config file selector/finder for Node.js. It looks in the execution cwd first; if no config matching the name is found there and the cwd is inside $HOME, it keeps going up one directory at a time until it hits $HOME. Example usage can be seen in logule and combustion.
It does not parse the config, and thus does not enforce any structure upon the config file itself. It simply returns the best path || null.
Basic usage:
var conf = require('confortable');
var confPath = conf('.logule'); // if non-null, this can be read by fs or required if js compatible
Optionally, a start directory (if cwd isn't sufficient) can be specified for the search start:
var confPath = require('confortable')('.combustion', templateDir);
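The lookup described above, as an added sketch in Node.js that is not confortable's own source. The names `findConfig`, `isInside` and `demo` are hypothetical, treating `$HOME` itself as the last directory checked is an assumption, and the sample tree is constructed in a temp directory.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when dir is home itself or a descendant of it.
function isInside(home, dir) {
  const rel = path.relative(home, dir);
  return !path.isAbsolute(rel) && rel.split(path.sep)[0] !== '..';
}

// Hypothetical re-implementation of the search; returns the best path or null.
function findConfig(name, startDir, home) {
  // Added hardening (assumption): the name must be a bare file name.
  if (path.basename(name) !== name) throw new Error('name must be a file name');
  const stop = path.resolve(home || os.homedir());
  let dir = path.resolve(startDir || process.cwd());
  const climb = isInside(stop, dir); // outside $HOME only the start dir is checked
  for (;;) {
    const candidate = path.join(dir, name);
    if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) return candidate;
    if (!climb || dir === stop) return null; // assumption: $HOME is the last stop
    dir = path.dirname(dir);
  }
}

// Constructed sample tree in a temp directory, removed afterwards.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'conf-demo-'));
  const home = path.join(root, 'home');
  const app = path.join(home, 'work', 'app');
  const outside = path.join(root, 'outside');
  fs.mkdirSync(app, { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(root, '.logule'), '{}'); // above $HOME: never returned
  fs.writeFileSync(path.join(home, '.logule'), '{}');
  const out = {
    homeFile: path.join(home, '.logule'),
    workFile: path.join(home, 'work', '.logule'),
    fromApp: findConfig('.logule', app, home),         // climbs app -> work -> home
    fromOutside: findConfig('.logule', outside, home), // no climb outside $HOME
  };
  fs.writeFileSync(out.workFile, '{}');
  out.nearest = findConfig('.logule', app, home);      // nearest ancestor wins
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}
```

Because the nearest match on the way up wins, the file that gets loaded depends on where the process starts, so logging the returned path shows which directory actually supplied the config.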
$ npm install confortable
Install development dependencies
$ npm install
Run the tests
$ npm test
MIT-Licensed. See LICENSE file for details.
FAQs
Finds the right recursively placed config file
The npm package confortable receives a total of 359 weekly downloads. As such, confortable's popularity was classified as not popular.
We found that confortable demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.