Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
firebase-bolt
Advanced tools
Bolt is an experimental security and rules compiler for Firebase. It is currently in early alpha. There are known bugs and incomplete features in the current implementation, so PLEASE DO NOT USE IN PRODUCTION applications.
Otherwise, we'd love to have feedback from early adopters. You can email questions to firebase-talk@googlegroups.com using "Bolt" in the subject line.
You can easily install the bolt compiler using npm:
$ npm install --global firebase-bolt
Execute the Bolt compiler from the command line (it reads a Bolt file from standard input and write a JSON rules file to standard output):
$ firebase-bolt < rules.bolt > rules.json
You can then upload the resulting firebase.json file via the firebase command line:
$ firebase deploy
The firebase command line tool version 2 will also compile your bolt file directly if you have firebase-bolt installed and you use the .bolt file extension in the rules property of your firebase.json configuration file.
You should have node.js and npm installed to use this repository.
Setup command line environment and lint, build, test.
$ source tools/use
$ configure-project
$ gulp
Check JavaScript source files for required formatting conventions:
$ gulp lint
Build Bolt parser from PEG grammar:
$ gulp build
Run command line tests:
$ gulp test
More extensive tests which include running against a sandboxed Firebase app:
$ run-tests
Run browser-based tests:
$ browser-tests
FAQs
Firebase Bolt Security and Modeling Language Compiler
The npm package firebase-bolt receives a total of 931 weekly downloads. As such, firebase-bolt popularity was classified as not popular.
We found that firebase-bolt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.