Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
mr
package to help deploy merge requests project on test environment with docker, and provide a page to view these projects
this package can listen your project, and auto clone source code to deploy in docker for each merge request. When a merge request is closed or merged, this program will remove docker image and container which used by the closed or merged request.
Each time this program run, it will get all merge_requests are opened and try to deploy them.
finally, you can view them on localhost:8099(of course you can set this port)
Install
npm install test-mr-server
Before use
To use this package with docker-compose or docker build, we hope you provide a configuration file named continued.json in your project to us to know some details about your project like language .etc.
Besides, if you had build artifacts before deploy, we hope you can provide a script in your project to us to get these artifacts, otherwise, we would just clone this project and install dependence, build, this process may be very long...
Finally, you should open the gitlab or github web hooks to send request for this program to listen to your project. At least, you should open Job events and merge requests.
the continued.json maybe like this
{
"artifacts": {
"fetch": true
},
"scripts": {
"prebuild": "./scripts/install.sh",
"build": "./scripts/build.sh",
"postbuild": "./scripts/post-build.sh"
},
"deployment": {
"env": {
"NODE_DEBUG": "xxx"
},
"compose": {
"file": "docker-compose.yml", // docker-compose file path
"entry": "web" // docker service name, such as mr-server
}
}
}
Usage
mr ~/Document/continued.config.json
you can run this program with this command, which means set config file link to ~/Document/continued.config.json, about this .json, like this:
{
"project": "owner/repo",
"server": {
"hostname": "localhost",
"url": "localhost:8099",
"http": {
"port": 8099
}
},
"repository": {
"name": "gitlab",
"url": "https://gitlab.com",
"credentials": {
"privateToken": "123"
},
"polling": {
"interval": 600000
}
},
"ci": {
"name": "gitlab",
"url": "https://gitlab.com",
"credentials": {
"privateToken": "123"
},
"polling": {
"interval": 10000
}
},
"branches": {
"colors": {
"feature": "green",
"fix": "red"
}
},
"build": {
"env": {
"ENV_BUILD_SCRIPT_NEEDS": "test"
}
},
"deployment": {
"env": {
"ENV_DOCKER_COMPOSE_NEEDS": "test",
}
},
"tasking": {
"concurrency": 2
}
}
And then, this program would run as a resident process, it would output some message on the shell like docker building info, unzip file info, error message .etc.
FAQs
Monitor merge requests to continuous deployment
The npm package continued receives a total of 1 weekly downloads. As such, continued popularity was classified as not popular.
We found that continued demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Dec 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025