
eco-rewards-hub
API to ingest and process passenger travel transactions and calculate eco rewards.
Node 12+ and a MySQL-compatible database are required. The Ubuntu setup is:
sudo apt-get install -y nodejs mariadb-server
# Warning: this blanks the MySQL root password and switches root to mysql_native_password
sudo mysql -u root mysql -e "update user set authentication_string=password(''), plugin='mysql_native_password' where user='root'; flush privileges;"
Installing and running the service:
git clone git@github.com:EcoRewards/eco-rewards-hub.git
npm install --save eco-rewards-hub
npm run migrate
npm start
Running with pm2:
pm2 start ecosystem.config.js
There are some CLI commands to help get set up:
npm run cli -- create-scheme [name]
npm run cli -- create-organisation [name] [schemeId]
npm run cli -- create-group [name] [organisationId]
npm run cli -- create-user [name] [email] [password] [role]
npm run cli -- export-all-members
The scope of the API is defined by a number of user stories in cucumber format.
See features.
Date | Decision | Reasoning |
---|---|---|
2019-11-01 | Implement with Node.js | Developers familiar with it, fast iteration speed |
2019-11-01 | Use a MySQL compatible database | Developers familiar with it, widely used |
2019-11-01 | Use AWS | It's convenient and widely used |
2019-11-18 | Do not use Docker | Unnecessary for a project this size |
2019-11-18 | Make the code open-source | No need for private repository, cheaper tooling (Travis et al) |
2019-11-18 | Use Travis CI | It's free |
2019-11-18 | Use cucumber to capture functional requirements | Track the evolution of requirements and use as a basis for functional tests |
2019-11-18 | Use Koa | Widely used and supports promises |
2019-11-18 | Use db-migrate | Most widely used database migration tool |
2019-11-18 | Do not use an ORM | Seems like overkill when there are so few models |
2019-11-18 | Bcrypt passwords | Most secure, widely used method to salt passwords |
2019-11-19 | Basic auth for API access | Simple, widely used and easy to implement |
2019-11-21 | Swagger documentation | Comes with a slick UI and package to validate requests and responses |
2019-11-21 | Link based API responses | Reduces duplication in API responses. See this post |
2019-11-27 | Travis deployment | Simple, easy, as seen here |
2019-11-27 | PM2 process management | Makes the Travis deployment easier |
This software is licensed under GNU GPLv3.
FAQs
Eco Rewards Hub
The npm package eco-rewards-hub receives a total of 1 weekly download. As such, the popularity of eco-rewards-hub was classified as not popular.
We found that eco-rewards-hub demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.