Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
hubot-web-push-notifications
Advanced tools
Allow users to subscribe to Web Push notifications, notifying them of mentions while away
This Hubot script allows your users to subscribe to Web Push notifications from a Web client/frontend, and then receive notifications, when someone mentions their name while they're away.
It is part of the Kosmos project and has been created for usage with the Hyperchannel Web client and other related programs.
Caveat: as Hubot's user management is somewhat broken at the moment, this is currently only implemented for the IRC adapter. Also, you need the following commit for the adapter to expose channel attendance data: https://github.com/67P/hubot-irc/commit/af2d43c46364702e04129c7ec5cf25231f6d40a0
Install the script package:
npm i --save hubot-web-push-notifications
Add it to external-scripts.json
:
[
"hubot-redis-brain",
"hubot-web-push-notifications"
]
Hint: You should persist the robot's brain using something like hubot-redis-brain.
You can check out a working demo client in the demo/
directory, and copy all
necessary code from there. Start it from this repo's root using:
npm run demo-client
As usual, config options are set via environment variables.
Key | Description |
---|---|
GCM_API_KEY | Google Cloud Messaging API key |
VAPID_SUBJECT | VAPID subject (mailto address or URL) |
VAPID_PUBLIC_KEY | URL-safe base64-encoded public key |
VAPID_PRIVATE_KEY | URL-safe base64-encoded private key |
You can generate the VAPID keys using:
npm run generate-vapid-keys
Join us in #kosmos-dev on Freenode IRC, or open an issue on GitHub.
FAQs
Allow users to subscribe to Web Push notifications, notifying them of mentions while away
The npm package hubot-web-push-notifications receives a total of 0 weekly downloads. As such, hubot-web-push-notifications popularity was classified as not popular.
We found that hubot-web-push-notifications demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.