Easy Node.JS Git wrapper with support for SSH keys.

By default, the Git CLI tool will only use the SSH key of the current user (e.g. $HOME/.ssh/id_dsa).
In order to be able to use Git with an arbitrary SSH key, a wrapper shell script to invoke ssh -i <key> must be written and the GIT_SSH environment variable must point to that script.
Gitane wraps all this plumbing for you. Simply pass the SSH private key you wish to run Git with as a string argument and let Gitane do the rest. Gitane will clean up the temporary wrapper script after it is done.
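The wrapper plumbing described above, written out as an added example (not Gitane's own code or API): the helper names prepareGitSsh and runGitWithKey, the temp-file names and the IdentitiesOnly option are assumptions for illustration. It shows the points that matter when a private key arrives as a string: a private temp directory, a 0600 key file, a shell-quoted key path, and cleanup that runs even when git fails.

```javascript
// Added example: hypothetical helper names, not Gitane's API. POSIX only.
const fs = require('fs')
const os = require('os')
const path = require('path')
const { spawnSync } = require('child_process')

// Quote a string so it is safe inside a POSIX shell script.
function shQuote(s) {
  return "'" + String(s).replace(/'/g, "'\\''") + "'"
}

// Write the key and the ssh wrapper into a fresh temp dir (mkdtemp creates it 0700).
function prepareGitSsh(privKey) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'git-ssh-'))
  const keyPath = path.join(dir, 'id_key')
  const wrapperPath = path.join(dir, 'ssh-wrapper.sh')
  // ssh rejects private keys readable by other users, so create the file as 0600.
  fs.writeFileSync(keyPath, privKey, { mode: 0o600, flag: 'wx' })
  // IdentitiesOnly stops ssh from also offering agent or default keys.
  const script = '#!/bin/sh\nexec ssh -i ' + shQuote(keyPath) +
    ' -o IdentitiesOnly=yes "$@"\n'
  fs.writeFileSync(wrapperPath, script, { mode: 0o700, flag: 'wx' })
  return {
    keyPath: keyPath,
    wrapperPath: wrapperPath,
    // Git runs $GIT_SSH in place of ssh for SSH remotes.
    env: Object.assign({}, process.env, { GIT_SSH: wrapperPath }),
    cleanup: function () { fs.rmSync(dir, { recursive: true, force: true }) }
  }
}

// Run git with an argv array (no shell) and always remove the key material.
function runGitWithKey(baseDir, privKey, gitArgs) {
  const ctx = prepareGitSsh(privKey)
  try {
    return spawnSync('git', gitArgs, { cwd: baseDir, env: ctx.env, encoding: 'utf8' })
  } finally {
    ctx.cleanup()
  }
}
```
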
Gitane is available in NPM:

    npm install gitane

    var fs = require('fs')
    var gitane = require('gitane')
    var path = require('path')

    // Use current working dir
    var baseDir = process.cwd()

    // Read private key from ~/.ssh/id_dsa
    var privKey = fs.readFileSync(path.join(process.env.HOME, '.ssh/id_dsa'), 'utf8')

    gitane.run(baseDir, privKey, "git clone git://github.com/niallo/Gitane.git",
      function(err, stdout, stderr, exitCode) {
        if (err) {
          console.log("An error occurred: " + stderr)
          process.exit(1)
        }
        console.log("Git clone complete!")
      })

Gitane comes with tests. To run, simply execute npm test.
Gitane is released under a BSD license.
Picture of Gitane fixie CC-BY Herb Real from http://www.flickr.com/photos/herbrealphotography/3593701411/
We found that gitane demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.