inbound is a referrer parsing library for node.js / express web apps.
```sh
npm install inbound
```

```js
var inbound = require('inbound');
inbound.referrer.parse(url, referrer, function (err, description) {
  console.log(description);
});
```
url (string) is the page url, equivalent to client-side JavaScript's window.location.href or express.js req.url.
referrer (string) is the referrer, equivalent to client-side JavaScript's document.referrer or express.js req.header('referrer').
```js
var inbound = require('inbound'),
    express = require('express');

var app = express();

// Middleware: parse the referrer of every request and attach the result to req.
// Note that req.header('referrer') is caller-controlled input; a parse error is
// passed to next(err) and handled by the app's error handler.
app.use(function (req, res, next) {
  var referrer = req.header('referrer');
  var href = req.url;
  inbound.referrer.parse(href, referrer, function (err, desc) {
    req.referrer = desc;
    next(err);
  });
});

app.use(app.router); // Express 3 style router mounting

app.get('/', function (req, res, next) {
  return res.send(req.referrer);
});

var port = 8000;
app.listen(port);
console.log('Server listening on port : ' + port);
```
Here is an example of a visitor clicking a Twitter link and ending up at a New Yorker article:

```js
var url = "http://www.newyorker.com/online/blogs/johncassidy/2012/08/economy-points-to-dead-heat-in-november.html?mbid=gnep&google_editors_picks=true";
var referrer = "http://twitter.com/ryah";
inbound.referrer.parse(url, referrer, function (err, description) {
  console.log(description);
});
```

```json
{
  "referrer": {
    "type": "social",
    "network": "twitter"
  }
}
```
Here's an example of a visitor clicking a campaign email from Gmail and arriving at a blog:

```js
var url = "http://blog.intercom.io/churn-retention-and-reengaging-customers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+contrast%2Fblog+%28The+Intercom+Blog%29";
var referrer = "https://mail.google.com/_/mail-static/_/js/main/m_i,t/rt=h/ver=am293eyFlXI.en./sv=1/am=!v8Czf-oeNMn1FOzaNKsLQrJy-oNN3RSSYMAZTBUxCzwgQcXtLnTEHCkGr437GpFE2Dliuw/d=1";
inbound.referrer.parse(url, referrer, function (err, description) {
  console.log(description);
});
```

```json
{
  "referrer": {
    "type": "email",
    "client": "gmail",
    "from": "https://mail.google.com/_/mail-static/_/js/main/m_i,t/rt=h/ver=am293eyFlXI.en./sv=1/am=!v8Czf-oeNMn1FOzaNKsLQrJy-oNN3RSSYMAZTBUxCzwgQcXtLnTEHCkGr437GpFE2Dliuw/d=1",
    "link": "http://blog.intercom.io/churn-retention-and-reengaging-customers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+contrast%2Fblog+%28The+Intercom+Blog%29"
  },
  "campaign": {
    "source": "feedburner",
    "medium": "feed",
    "campaign": "Feed: contrast/blog (The Intercom Blog)"
  }
}
```
Internal referrers occur when a visitor navigates between two pages of the same domain, for example http://site.com => http://site.com/about.
If a referrer is present but none of the matchers above recognize it, it is classified as a link referrer.
When a visitor reaches a site by typing the URL into the address bar, document.referrer is blank. This is called a direct referral. (There are other reasons a referrer can be blank as well.)
If you want to count the number of people who came from a specific referrer, you might want to build the following map:

referrer => { set_of_visitors }

However, referrer URLs that point at the same source often differ in details that don't matter for this count (query strings, campaign parameters, trailing slashes), so they would be counted separately. Use the inbound.shorten API to normalize referrers and domains so that equivalent ones become unique keys.
```js
inbound.shorten.url('https://segment.io/?imm_mid=094f89&cmp=em-npa-ug-nl-sep15-html')
// "segment.io"
inbound.shorten.url('http://ianstormtaylor.com/oocss-plus-sass-is-the-best-way-to-css/?utm_source=hackernewsletter&utm_medium=email')
// "ianstormtaylor.com/oocss-plus-sass-is-the-best-way-to-css"
```
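The parse and shorten behaviour described above, as an added example that is not the inbound package's own code: a minimal reimplementation of the referrer categories the README lists (social, email, internal, link, direct), utm_* campaign parsing, and URL shortening, built on Node's WHATWG URL parser. The two lookup tables and the `safeParse`, `classifyReferrer` and `shorten` names are assumptions for this example; inbound's real matcher lists are much larger.

```javascript
// Added example, not the inbound package's own code: a minimal reimplementation of
// the referrer categories the README describes (social, email, internal, link, direct)
// plus utm_* campaign parsing, using Node's built-in WHATWG URL parser.
// SOCIAL_NETWORKS and EMAIL_CLIENTS are constructed samples, not inbound's matchers.
const SOCIAL_NETWORKS = { 'twitter.com': 'twitter', 'facebook.com': 'facebook' };
const EMAIL_CLIENTS = { 'mail.google.com': 'gmail', 'outlook.live.com': 'outlook' };

// The Referer header and document.referrer are caller-controlled: parse defensively
// and return null instead of throwing, so malformed input cannot crash middleware.
function safeParse(s) {
  try { return new URL(s); } catch (e) { return null; }
}

function hostOf(u) { return u.hostname.replace(/^www\./, ''); }

// Pull utm_* parameters from the landing-page URL into a campaign object.
function parseCampaign(page) {
  const keys = { utm_source: 'source', utm_medium: 'medium', utm_campaign: 'campaign' };
  const campaign = {};
  for (const [param, key] of Object.entries(keys)) {
    const v = page.searchParams.get(param); // percent-decoded, '+' becomes a space
    if (v) campaign[key] = v;
  }
  return Object.keys(campaign).length ? campaign : null;
}

function classifyReferrer(url, referrer) {
  const page = safeParse(url);
  const ref = referrer ? safeParse(referrer) : null;
  let r;
  if (!ref) r = { type: 'direct' };                      // blank or unparseable referrer
  else if (page && hostOf(ref) === hostOf(page)) r = { type: 'internal' };
  else if (SOCIAL_NETWORKS[hostOf(ref)]) r = { type: 'social', network: SOCIAL_NETWORKS[hostOf(ref)] };
  else if (EMAIL_CLIENTS[hostOf(ref)]) r = { type: 'email', client: EMAIL_CLIENTS[hostOf(ref)], from: referrer, link: url };
  else r = { type: 'link' };                             // valid URL, no matcher recognised it
  const out = { referrer: r };
  const campaign = page && parseCampaign(page);
  if (campaign) out.campaign = campaign;
  return out;
}

// Normalise a URL for counting: drop scheme, query, fragment and trailing slash,
// so 'https://segment.io/?imm_mid=...' becomes 'segment.io'.
function shorten(url) {
  const u = safeParse(url);
  return u ? (u.host + u.pathname).replace(/\/$/, '') : null;
}
```

Because `safeParse` swallows parse errors, a garbage Referer header is reported as a direct visit rather than an exception, which is the safe default for request-path code.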
Matchers help identify and attach more semantic information to referral sources. We'd love your help adding the hundreds of social, search, ad, and other referral sources that inbound does not match yet.

To add matchers:

```sh
npm test
```

Even though most matchers do synchronous string matching, the API is kept asynchronous so that a matcher can enrich the referrer with more semantic information by calling some external API.
License: MIT
Url referrer and campaign parsing utilities
The npm package inbound receives a total of 323 weekly downloads, which Socket classifies as not popular.
Socket rates inbound's version release cadence and project activity as not healthy because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.