Device type detection library based on the useragent string. Refactored from express-device.
Basically, express-device gained a life of its own and I had to refactor the basic functionality (it makes sense). Many were using express-device only to identify the type of device and didn't want all the express stuff.
```
$ npm install device
```

Here's an example of how to use it:

```js
var device = require('device');

// Parse the user-agent string into a device object
var mydevice = device('put here user-agent string');

if (mydevice.is('bot')) {
    // do something...
} else {
    // do another thing...
}
```
By doing this you get an object that has the following properties:

| Name | Field Type | Description | Possible Values |
| --- | --- | --- | --- |
| type | string | The device type for the parsed user-agent string | desktop, tv, tablet, phone, bot or car |
| model | string | The device model name for the parsed user-agent string | Example: iPhone. If the option parseUserAgent is set to false, it returns an empty string |
It accepts an object with only the config options you wish to override (go here for some examples). Any option you don't override keeps its default value. Here's the list of available config options:

| Name | Field Type | Description | Possible Values |
| --- | --- | --- | --- |
| emptyUserAgentDeviceType | string | Device type to be returned whenever the user-agent is empty. Defaults to desktop. | desktop, tv, tablet, phone, bot or car |
| unknownUserAgentDeviceType | string | Device type to be returned whenever the user-agent is unknown. Defaults to phone. | desktop, tv, tablet, phone, bot or car |
| botUserAgentDeviceType | string | Device type to be returned whenever the user-agent belongs to a bot. Defaults to bot. | desktop, tv, tablet, phone, bot or car |
| carUserAgentDeviceType | string | Device type to be returned whenever the user-agent belongs to a car. Defaults to car. | desktop, tv, tablet, phone, bot or car |
| parseUserAgent | string | Whether to parse the user-agent string using the useragent npm package. It's needed in order to get the device name. Defaults to false. | true or false |
In case you didn't notice, there's also a method is() that returns a boolean (true or false) when you pass the device type that you want to validate against (check the initial example).
Some contributed in the express-device repository.
Special thanks to @jimmybergman, who allowed me to use his device package for this refactoring.
Currently, device is on version 0.3.7. In order to add more features I'm asking anyone to contribute with some ideas. You can do it by making some feature requests on the issues panel, but I prefer that you make your contribution with some pull requests ;)
The MIT License (MIT)
Copyright (c) 2015 Rodrigo Guerreiro
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Device type detection library based on the useragent string. Refactored from express-device.
The npm package device receives a total of 22,916 weekly downloads. As such, device popularity was classified as popular.
We found that device demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.