Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Haiku9 (H9 for short) is a static site publisher. H9 supports:
H9 provides CLI and programmatic interfaces, though most of the configuration is handled with your h9.yaml
file.
npm install -g haiku9
H9 uses your AWS access to perform actions on your behalf. Your environment needs access to AWS credentials that can be reached by the SharedIniFileCredentials
method
From that reference:
defaulting to
~/.aws/credentials
or defined by theAWS_SHARED_CREDENTIALS_FILE
environment variable
Within that file, you can assign credentials to multiple "profiles" for easy access. H9 can accept that profile name as a command-line argument
h9 publish production -p "panda"
At the root of your site, create a h9.yaml
file. Here is an example for publishing to a hypothetical https://haiku9.pandastrike.com
# The directory Haiku9 will copy into an S3 bucket. The local directory is
# authoritative, so files will be added or deleted from your bucket to make
# it match. Haiku9 also uses MD5 hashes to make sure existing bucket files
# are current.
source: build
# The root domain for your site.
domain: pandastrike.com
# The AWS region you would like to use for your S3 bucket that serves your site
region: us-west-1
# The default path when navigating to "/", as well as the page to serve if
# a requested path does not exist.
site:
index: index
error: 404
# If you a publishing content to CDN that will be accessed through CORS, you can set your CORS settings here. `wildstyle` is the permissive "*"
cors: wildstyle
# Haiku9 uses environments to organize your a project's configuration into
# sections while maintaining access to common configuration. Each environment
# is named as the keys in the dictionary below.
environments:
# The staging environment has a hostname, but no cache configuration, so it
# will serve directly from the S3 bucket without TLS termination.
staging:
hostnames:
- staging-haiku
# The production environment has a different hostname setting, as well as
# configuration for the CloudFront distribution.
production:
hostnames:
- haiku
cache:
expires: 1800 # 30 minutes
ssl: true
priceClass: 100
To publish your compiled site to AWS, first confirm that your AWS credentials are defined in ~/.aws/credentials
:
[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Next, publish to AWS:
h9 publish <environment>
And in a few minutes you will have a new website.
If you would like to tear it down.
h9 delete <environment>
And it will be gone just as easily.
FAQs
Asset compilation, static-site generator
We found that haiku9 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.