Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Internal XY tool for checking domain configurations in AWS
# install globally
npm install -g dnslint
This will expose a cli named dnslint
to launch the tool.
Note: Make sure you have your AWS credatials configured
# Start check
dnslint
This will scan your entire AWS Route53 and output results in output.json
Options:
-V, --version output the version number
-o, --output [value] Output file path (default: "dnslint-report.json")
-d, --domainToCheck [value] Domain to Check
-h, --help output usage information
Make sure you put the config file in the same folder from where you are running the tool.
{
"$schema": "https://raw.githubusercontent.com/XYOracleNetwork/tool-domains-nodejs/master/dist/schema/dnslint.schema.json#",
"aws": {
"enabled": true
},
"domains": [
{
"name": "*",
"reverseDNS": {
"enabled": false
},
"records": [
{
"type": "*",
"html": true
}
]
},
{
"name": "xy.company",
"enabled": true
}
]
}
When aws=true is set in the dnslint.json file, then dnslint will read a list of domains from Route53, using the credentials configured in the AWS CLI
This project uses yarn
as a package manager
# install dependencies
yarn install
Developers should conform to git flow workflow. Additionally, we should try to make sure every commit builds. Commit messages should be meaningful serve as a meta history for the repository. Please squash meaningless commits before submitting a pull-request.
There is git hook on commits to validate the project builds. If you'd like to commit your changes
while developing locally and want to skip this step you can use the --no-verify
commit option.
i.e.
git commit --no-verify -m "COMMIT MSG"
See the LICENSE.md file for license details.
Made with 🔥and ❄️ by XY - The Persistent Company
FAQs
XYO Internal Domain Tool
The npm package dnslint receives a total of 7 weekly downloads. As such, dnslint popularity was classified as not popular.
We found that dnslint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.