DeCidr is a Node.js application that generates a non-clashing CIDR block to be used with a peering connection.
Let's say you have a VPC called 'Backend' and you would like to peer many 'Front End' VPCs to it. To do this you can use 'Peering Connections' from AWS, which require non-clashing CIDR blocks. For each peering connection you will need to ensure the CIDR block does not clash with the backend CIDR block, or any of the other peerings.
Before creating your new VPC, DeCidr will read your 'Backend' VPC's Route Table(s) to determine what CIDR ranges are taken. It will then provide you with a valid, non-clashing CIDR range, to use on your new front end VPC.
Run `yarn global add decidr` to install the application globally.
To use the tool you will need to provide all of the below required values. When specifying the tag value, you can use wild cards to match multiple route tables. This will ensure that the CIDR range does not clash with any of the matching route tables.
Verbose:
DeCidr --blockSize 24 --rangeStart 10.180.0.0 --rangeEnd 10.200.0.0 --tagName Name --tagValue private*-rtb
Minimal:
DeCidr -b 24 -s 10.180.0.0 -e 10.200.0.0 -t Name -x private*-rtb
Output:
10.180.0.0/24
-v --version - Prints the version of DeCidr
-h --help - Provides tool help information
Exit Code 1: Please provide all arguments (blockSize,rangeStart,rangeEnd,tagName,tagValue)
Exit Code 2: No availability in the range provided
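The selection step described above, sketched as an added example; this is not DeCidr's own code. It assumes the taken CIDRs have already been read from the route tables and are passed in as an array (default routes excluded), handles IPv4 only, and treats `rangeEnd` as an exclusive upper bound; `findFreeCidr` and its helpers are hypothetical names.

```javascript
// Added example, not DeCidr's source. Assumptions: IPv4 only, rangeEnd is exclusive,
// `taken` holds the destination CIDRs to avoid (default route already filtered out).
const ipToInt = (ip) => {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return parts.reduce((acc, p) => acc * 256 + p, 0);
};

const intToIp = (n) =>
  [24, 16, 8, 0].map((shift) => Math.floor(n / 2 ** shift) % 256).join('.');

// Convert "a.b.c.d/len" to an inclusive [first, last] pair of integers.
const cidrToRange = (cidr) => {
  const [ip, lenStr] = cidr.split('/');
  const len = Number(lenStr);
  if (!Number.isInteger(len) || len < 0 || len > 32) {
    throw new Error(`invalid prefix length: ${cidr}`);
  }
  const size = 2 ** (32 - len);
  const first = Math.floor(ipToInt(ip) / size) * size; // drop any host bits
  return [first, first + size - 1];
};

function findFreeCidr({ blockSize, rangeStart, rangeEnd, taken }) {
  const size = 2 ** (32 - blockSize);
  const end = ipToInt(rangeEnd);
  const used = taken.map(cidrToRange);
  // Align the first candidate up to a block boundary.
  let start = Math.ceil(ipToInt(rangeStart) / size) * size;
  while (start + size <= end) {
    const last = start + size - 1;
    const clash = used.find(([f, l]) => f <= last && l >= start);
    if (!clash) return `${intToIp(start)}/${blockSize}`;
    // Skip past the clashing route, then realign to the block size.
    start = Math.ceil((clash[1] + 1) / size) * size;
  }
  return null; // the "No availability in the range provided" case
}
```

Overlap is checked on whole address intervals, so a wider existing route (for example a /14) rules out every candidate block inside it, not only the block that shares its network address.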
`yarn` to get the dependencies
`yarn build` to build the project (must be done when making changes)
`npm link` to create the symbolic link for running the binary from your terminal, e.g. `DeCidr -v`
`yarn test` to run all tests with coverage
`yarn test:unit` to run the unit tests
`yarn test:e2e` to run the end-to-end tests
FAQs
Suggests an available cidr range for a peering connection
The npm package decidr receives a total of 2 weekly downloads. As such, decidr popularity was classified as not popular.
We found that decidr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.