Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The 'http' npm package is a core Node.js module that provides utilities for creating HTTP servers and clients. It allows developers to build web servers and make HTTP requests.
Creating an HTTP Server
This feature allows you to create an HTTP server that listens on a specified port and hostname. The server responds with 'Hello, World!' to any incoming request.
const http = require('http');
const server = http.createServer((req, res) => {
res.statusCode = 200;
res.setHeader('Content-Type', 'text/plain');
res.end('Hello, World!');
});
server.listen(3000, '127.0.0.1', () => {
console.log('Server running at http://127.0.0.1:3000/');
});
Making an HTTP GET Request
This feature allows you to make an HTTP GET request to a specified URL. The response data is collected and logged to the console.
const http = require('http');
http.get('http://www.example.com', (res) => {
let data = '';
res.on('data', (chunk) => {
data += chunk;
});
res.on('end', () => {
console.log(data);
});
}).on('error', (e) => {
console.error(`Got error: ${e.message}`);
});
Handling HTTP POST Requests
This feature allows you to handle HTTP POST requests. The server collects the POST data and responds with it.
const http = require('http');
const server = http.createServer((req, res) => {
if (req.method === 'POST') {
let body = '';
req.on('data', chunk => {
body += chunk.toString();
});
req.on('end', () => {
res.end('Received POST data: ' + body);
});
} else {
res.statusCode = 405;
res.end('Method Not Allowed');
}
});
server.listen(3000, '127.0.0.1', () => {
console.log('Server running at http://127.0.0.1:3000/');
});
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. It is built on top of the 'http' module and simplifies the process of building web servers and APIs.
Axios is a promise-based HTTP client for the browser and Node.js. It provides a simple and easy-to-use API for making HTTP requests and handling responses. Unlike the 'http' module, Axios supports features like request and response interception, automatic JSON transformation, and more.
Request is a simplified HTTP client for Node.js, designed to be easy to use. It abstracts the complexities of the 'http' module and provides a more user-friendly API for making HTTP requests. Note that 'request' has been deprecated, but it is still widely used in many projects.
This package name is not currently in use, but was formerly occupied by another package. To avoid malicious use, npm is hanging on to the package name, but loosely, and we'll probably give it to you if you want it.
You may adopt this package by contacting support@npmjs.com and requesting the name.
FAQs
security holding package
The npm package http receives a total of 154,980 weekly downloads. As such, http popularity was classified as popular.
We found that http demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.