Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
gcp-metadata
Advanced tools
The gcp-metadata npm package is a library that allows users to query Google Cloud Platform's (GCP) metadata service for information about the currently running instance and project. This can be useful for applications that need to understand their environment within GCP, such as retrieving instance attributes or project details.
Instance Metadata
Retrieve metadata of the current GCP instance. This includes details like the instance ID, zone, and custom metadata.
const gcpMetadata = require('gcp-metadata');
async function getInstanceMetadata() {
if (await gcpMetadata.isAvailable()) {
const instanceMetadata = await gcpMetadata.instance();
console.log(instanceMetadata);
}
}
getInstanceMetadata();
Project Metadata
Fetch metadata of the current GCP project. This can include project-wide attributes like project ID and numeric project number.
const gcpMetadata = require('gcp-metadata');
async function getProjectMetadata() {
if (await gcpMetadata.isAvailable()) {
const projectMetadata = await gcpMetadata.project();
console.log(projectMetadata);
}
}
getProjectMetadata();
Check Metadata Server Availability
Determine if the GCP metadata server is available and reachable from the instance.
const gcpMetadata = require('gcp-metadata');
async function checkAvailability() {
const isAvailable = await gcpMetadata.isAvailable();
console.log('Metadata service available:', isAvailable);
}
checkAvailability();
The AWS SDK for JavaScript allows developers to interact with AWS services. It includes a module for querying the AWS EC2 instance metadata service, which is similar to what gcp-metadata does for GCP.
Get the metadata from a Google Cloud Platform environment
A comprehensive list of changes in each version may be found in the CHANGELOG.
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
npm install gcp-metadata
const gcpMetadata = require('gcp-metadata');
async function quickstart() {
// check to see if this code can access a metadata server
const isAvailable = await gcpMetadata.isAvailable();
console.log(`Is available: ${isAvailable}`);
// Instance and Project level metadata will only be available if
// running inside of a Google Cloud compute environment such as
// Cloud Functions, App Engine, Kubernetes Engine, or Compute Engine.
// To learn more about the differences between instance and project
// level metadata, see:
// https://cloud.google.com/compute/docs/storing-retrieving-metadata#project-instance-metadata
if (isAvailable) {
// grab all top level metadata from the service
const instanceMetadata = await gcpMetadata.instance();
console.log('Instance metadata:');
console.log(instanceMetadata);
// get all project level metadata
const projectMetadata = await gcpMetadata.project();
console.log('Project metadata:');
console.log(projectMetadata);
}
}
quickstart();
const isAvailable = await gcpMetadata.isAvailable();
const data = await gcpMetadata.instance();
console.log(data); // ... All metadata properties
const data = await gcpMetadata.instance('hostname');
console.log(data); // ...Instance hostname
const projectId = await gcpMetadata.project('project-id');
console.log(projectId); // ...Project ID of the running instance
const data = await gcpMetadata.instance('service-accounts/default/email');
console.log(data); // ...Email address of the Compute identity service account
const data = await gcpMetadata.instance({
property: 'tags',
params: { alt: 'text' }
});
console.log(data) // ...Tags as newline-delimited list
await gcpMetadata.instance({
headers: { 'no-trace': '1' }
}); // ...Request is untraced
In some cases number valued properties returned by the Metadata Service may be
too large to be representable as JavaScript numbers. In such cases we return
those values as BigNumber
objects (from the bignumber.js library). Numbers
that fit within the JavaScript number range will be returned as normal number
values.
const id = await gcpMetadata.instance('id');
console.log(id) // ... BigNumber { s: 1, e: 18, c: [ 45200, 31799277581759 ] }
console.log(id.toString()) // ... 4520031799277581759
GCE_METADATA_HOST
: provide an alternate host or IP to perform lookup against (useful, for example, you're connecting through a custom proxy server).
For example:
export GCE_METADATA_HOST='169.254.169.254'
DETECT_GCP_RETRIES
: number representing number of retries that should be attempted on metadata lookup.
DEBUG_AUTH
: emit debugging logs
METADATA_SERVER_DETECTION
: configure desired metadata server availability check behavior.
assume-present
: don't try to ping the metadata server, but assume it's presentnone
: don't try to ping the metadata server, but don't try to use it eitherbios-only
: treat the result of a BIOS probe as canonical (don't fall back to pinging)ping-only
: skip the BIOS probe, and go straight to pingingSamples are in the samples/
directory. Each sample's README.md
has instructions for running its sample.
Sample | Source Code | Try it |
---|---|---|
Quickstart | source code |
The GCP Metadata Node.js Client API Reference documentation also contains samples.
Our client libraries follow the Node.js release schedule. Libraries are compatible with all current active and maintenance versions of Node.js. If you are using an end-of-life version of Node.js, we recommend that you update as soon as possible to an actively supported LTS version.
Google's client libraries support legacy versions of Node.js runtimes on a best-efforts basis with the following warnings:
Client libraries targeting some end-of-life versions of Node.js are available, and
can be installed through npm dist-tags.
The dist-tags follow the naming convention legacy-(version)
.
For example, npm install gcp-metadata@legacy-8
installs client libraries
for versions compatible with Node.js 8.
This library follows Semantic Versioning.
This library is considered to be stable. The code surface will not change in backwards-incompatible ways unless absolutely necessary (e.g. because of critical security issues) or with an extensive deprecation period. Issues and requests against stable libraries are addressed with the highest priority.
More Information: Google Cloud Platform Launch Stages
Contributions welcome! See the Contributing Guide.
Please note that this README.md
, the samples/README.md
,
and a variety of configuration files in this repository (including .nycrc
and tsconfig.json
)
are generated from a central template. To edit one of these files, make an edit
to its templates in
directory.
Apache Version 2.0
See LICENSE
FAQs
Get the metadata from a Google Cloud Platform environment
The npm package gcp-metadata receives a total of 10,302,813 weekly downloads. As such, gcp-metadata popularity was classified as popular.
We found that gcp-metadata demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.