An extensible framework for working with Serial-Ports that require explicitly defined protocols. It also exposes minimal well-known protocols such as Modbus.

Note: TypeScript is recommended for this package. All definitions have defaults so it can be used without TypeScript if need be, but the full functionality (such as dynamic protocol typing) is more accessible through TypeScript.
```sh
npm install ext-port
```
As a wrapper-utility, `ext-port` allows defining typed parsers for a chosen serial-port. This can be done by creating an `Ext.Parser` implementation and setting the `parser` option with this value. This package also allows for better strategies for extending/inheriting serial-port interfaces.

By default, the `Ext.Port.Stream` will act similarly to the `serialport::SerialPort` implementation. When instantiated as below, the port defaults to an `Ext.Bus<Buffer, Buffer>` protocol that expects stream data to be incoming and outgoing as buffers.
```typescript
import { Ext } from 'ext-port';

// simple instantiation as before
const port = new Ext.Port.Stream({ path: '/dev/ROBOT', baudRate: 38400 });
port.on('incoming', (chunk: Buffer) => { /* ... */ }); // port event-data
port.on('outgoing', (chunk: Buffer) => { /* ... */ }); // written buffer
```
Since all extensible ports inherit from the base `serialport::SerialPort` class, the functionality is almost identical. To improve functionality, however, the callback-based methods have been replaced with `Promise`-based alternatives.
Parsers can be created by extending the `Ext.Parser.Abstract` class. With TypeScript, this enforces that the subclass defines the `m_transform` and `m_flush` methods necessary for parsing incoming data.
```typescript
import { Ext } from 'ext-port';

/// Protocol Definition.
type MyProtocol = Ext.Bus<string, string>;

/// Parser Implementation
class MyParser extends Ext.Parser.Abstract<MyProtocol> {
    /**
     * Converts the incoming buffer into pushable values.
     * @param chunk Chunk to transform.
     * @param encoding Encoding to use.
     */
    protected m_transform(chunk: Buffer, encoding: BufferEncoding): string[] {
        return [chunk.toString()];
    }

    /** For completeness, defining an empty flush value. */
    protected m_flush(): string[] {
        return [];
    }
}

// simple construction now with type-inference
const port = new Ext.Port.Stream({ path: '/dev/ROBOT', baudRate: 9600, parser: new MyParser() });
port.on('incoming', (chunk: string) => { /* ... */ }); // port event-data
port.on('outgoing', (chunk: string) => { /* ... */ }); // written buffer
```
This allows us to construct complex transform-streams with ease. Alongside this, an `Ext.Codec` can be attached to an `Ext.Parser.Abstract` to define `encode`, `decode`, `serialize` and `deserialize` properties for parsing. This is useful when transforming to/from complex data-types.
Note: All the base parsers from `serialport` can be placed as the `parser` option as well. This library was designed around this functionality and extending transform streams to simplify using this library as a wrapper over the `serialport` functionality.
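The `MyParser` example above emits one value per chunk, but serial reads split frames at arbitrary points, and a parser that accumulates bytes until a delimiter arrives needs a size cap so a misbehaving device cannot grow its buffer without bound. The following is an added example, not code from ext-port or its README: a stand-alone sketch of framing logic that could sit in `m_transform`/`m_flush`. It takes a `Uint8Array` instead of a `Buffer` so it runs without dependencies, and the class name, LF delimiter, 82-byte cap and printable-ASCII rule are assumptions.

```typescript
// Added example, not ext-port code: LineFramer, bytes() and runSample() are hypothetical.
// m_transform/m_flush mirror the methods an Ext.Parser.Abstract subclass defines.
const LF = 0x0a, CR = 0x0d;
class LineFramer {
  private pending: number[] = []; // bytes of the frame still being received
  private discarding = false;     // true while skipping a rejected frame
  public dropped = 0;             // frames rejected or left unterminated
  private maxFrame: number;
  constructor(maxFrame: number = 82) { this.maxFrame = maxFrame; } // assumed cap
  private reset(discarding: boolean): void { this.pending = []; this.discarding = discarding; }
  /** Returns each complete LF-terminated frame; residue waits for the next chunk. */
  m_transform(chunk: Uint8Array): string[] {
    const frames: string[] = [];
    for (let i = 0; i < chunk.length; i++) {
      const byte = chunk[i];
      if (byte === LF) {
        if (this.discarding) this.dropped++;
        else if (this.pending.length > 0) frames.push(String.fromCharCode(...this.pending));
        this.reset(false);
      } else if (this.discarding || byte === CR) {
        continue; // skip the rest of a rejected frame, and any CR
      } else if (byte < 0x20 || byte > 0x7e || this.pending.length >= this.maxFrame) {
        this.reset(true); // non-printable byte or oversize frame: free buffer, resync at next LF
      } else {
        this.pending.push(byte);
      }
    }
    return frames;
  }
  /** End of stream: an unterminated frame is incomplete, so count it instead of emitting it. */
  m_flush(): string[] {
    if (this.pending.length > 0 || this.discarding) this.dropped++;
    this.reset(false);
    return [];
  }
}
// Constructed sample reads: one frame split across two chunks, then a run with no delimiter.
function bytes(s: string): Uint8Array {
  const out = new Uint8Array(s.length);
  for (let i = 0; i < s.length; i++) out[i] = s.charCodeAt(i);
  return out;
}
function runSample(): { frames: string[]; dropped: number } {
  const framer = new LineFramer();
  const reads = ["$GPGGA,1", "23*00\r\n$GP", new Array(101).join("A") + "\nok\n", "tail"];
  let frames: string[] = [];
  for (const r of reads) frames = frames.concat(framer.m_transform(bytes(r)));
  return { frames: frames.concat(framer.m_flush()), dropped: framer.dropped };
}
```

`runSample()` reassembles the split frame, drops the 100-byte run once it passes the cap, and counts the unterminated `tail` as dropped at flush.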
Codecs can be created by extending any of the `Ext.Codec` abstractions. These include:

- `Ext.Codec.Abstract` – The base codec abstraction.
- `Ext.Codec.Merge` – Allows combining a pair of codecs.
- `Ext.Codec.Primitive` – Codec for primitive types (e.g. `Buffer`).
- `Ext.Codec.PassThrough` – Ensures primitive values are 'passed-through' (e.g. no change).
- `Ext.Codec.Complex` – Adds simple JSON serialization for complex items (necessary for emitting out of transform streams).

The primary purpose of this library is to help define common protocols (with data-transformations). This could be useful for parsing GPS or Modbus, for example. The following have been implemented for users.
FAQs
Extensible Serial-Ports
The npm package ext-port receives a total of 3 weekly downloads. As such, ext-port popularity was classified as not popular.
We found that ext-port demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.