Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gulp-awspublish
Advanced tools
awspublish plugin for gulp
First, install gulp-awspublish
as a development dependency:
npm install --save-dev gulp-awspublish
Then, add it to your gulpfile.js
:
var es = require('event-stream'),
awspublish = require('gulp-awspublish'),
publisher = awspublish({ key: '...', secret: '...', bucket: '...'}),
headers = { 'Cache-Control': 'max-age=315360000, no-transform, public' };
// publish all js files
// Set Content-Length, Content-Type and Cache-Control headers
// Set x-amz-acl to public-read by default
var js = gulp.src('./public/*.js')
.pipe(publisher.publish(headers));
// gzip and publish all js files
// Content-Encoding headers will be added on top of other headers
// uploaded files will have a jsgz extension
var jsgz = gulp.src('./public/*.js')
.pipe(awspublish.gzip())
.pipe(publisher.publish(headers));
// sync content of s3 bucket with files in the stream
// cache s3 etags locally to avoid unnecessary request next time
// print progress with reporter
es.merge(js, jsgz)
.pipe(publisher.sync())
.pipe(publisher.cache())
.pipe(publisher.reporter());
add an aws-credentials.json json file to the project directory with your bucket credentials, then run mocha.
{
"key": "...",
"secret": "...",
"bucket": "..."
}
create a through stream, that gzip files and add Content-Encoding headers
Create a Publisher Options are passed to knox to create a s3 client
create a through stream, that push files to s3. Publish take a header hash that add or override existing s3 headers.
if there is an .awspublish cache file, we first compare disk file etag with the one in the cache, if etags match we dont query amazon and file.s3.state is set to 'cache'
we then make a header query and compare the remote etag with the local one if etags match we don't upload the file and file.s3.state is set to 'skip'
if there is a remote file.s3.state is set to 'update' otherwhise file.s3.state is set to 'create'
Files that go through the stream get extra properties s3.path: s3 path s3.etag: file etag s3.state: publication state (create, update, cache or skip) s3.headers: s3 headers for this file
Defaults headers are
create a through stream that create or update a cache file with the list of key value pair (s3.path/s3.etag)
Cache file is save in the current working dir and is named.awspublish- The cache file is flushed to disk every 10 files
create a transform stream that delete old files from the bucket and stream both new and delete files. deleted file will have s3.state set to delete
Expose the knox clientto let you do other s3 operations
create a reporter that logs s3.path and s3.state (delete, create, update, cache, skip)
0.0.5 / 2014-02-05
FAQs
gulp plugin to publish files to amazon s3
The npm package gulp-awspublish receives a total of 21,424 weekly downloads. As such, gulp-awspublish popularity was classified as popular.
We found that gulp-awspublish demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.