Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
DUH ("Spirit" in most slavic languages. pronounced /dûx/, with the final consonant of loch or Bach) is a suite of tools for packaging reusable hardware components and designs. DUH enables the generation of JSON5 (duh documents) for describing these components, and also enables export from these documents to output deliverables.
Check that you have Node.js
version (6 - 11) installed by running:
node --version
On Installing Node.js via package manager
Install duh
tool suite.
npm i duh
And test installation with duh --help
Base set of DUH tools to author duh documents:
Create
duh init
to create a base document.duh duh-import-verilog-ports
to import an interface from Verilog RTL of the componentInfer
duh-portinf
to infer mappings of portgroups to standard bus
definitions AXI, AHB, TileLink, etc.duh-portbundler
to group ports, which are unassigned to a bus
mapping, into structured bundles.duh validate
to test whether a given document conforms to the
DUH document structure.duh-export-scala
to generate scala black box wrappers for the
component.FAQs
Design Unit Hardware
The npm package duh receives a total of 8 weekly downloads. As such, duh popularity was classified as not popular.
We found that duh demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.