Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
jmp-prebuilt
Advanced tools
Node.js module for creating, parsing and replying to messages of the Jupyter Messaging Protocol (JMP)
jmp
is an npm module for creating, parsing and
replying to messages of the Jupyter Messaging
Protocol over
ZMQ sockets.
Version v0.4.0 is is backwards-incompatible. The attribute
Message#signatureOK
has been removed.
See issue #10.
Version v0.2.0 is backwards-incompatible. The attribute Message#parentHeader
has been renamed to
Message#parent_header
.
See issue #7.
Version v0.1.0 is backwards-incompatible. npm
packages depending on the
initial release of JMP need to update their dependency field:
"jmp": "<0.1.0",
The latest stable release is published on
npm
and can be installed by running:
npm install jmp
The master branch in the github repository provides the latest development version and can be installed by:
git clone https://github.com/n-riesco/jmp.git
npm install ./jmp
Branch v0.0
provides the latest version of JMP, backwards-compatible with the
first release. It can be installed from npm
:
npm install "jmp@<0.1.0"
or github:
git clone -b v0.0 https://github.com/n-riesco/jmp.git
npm install ./jmp
JMP depends on ZMQ and for convenience JMP
exports the module zmq
:
var crypto = require("crypto");
var uuid = require("node-uuid");
var jmp = require("jmp");
var zmq = jmp.zmq;
var scheme = "sha256";
var key = crypto.randomBytes(256).toString('base64');
var serverSocket = new jmp.Socket("router", scheme, key);
var clientSocket = new jmp.Socket("dealer", scheme, key);
var address = "tcp://127.0.0.1:8888";
serverSocket.bindSync(address);
clientSocket.connect(address);
var request = new jmp.Message();
request.idents = [];
request.header = {
"msg_id": uuid.v4(),
"username": "user",
"session": uuid.v4(),
"msg_type": "kernel_info_request",
"version": "5.0",
};
request.parent_header = {};
request.metadata = {};
request.content = {};
clientSocket.send(request);
serverSocket.on("message", onRequest);
function onRequest(msg) {
var responseMessageType = "kernel_info_reply";
var responseContent = {
"protocol_version": "0.0.0",
"implementation": "kernel",
"implementation_version": "0.0.0",
"language_info": {
"name": "test",
"version": "0.0.0",
"mimetype": "text/plain",
"file_extension": "test",
},
"banner": "Test",
"help_links": [{
"text": "JMP",
"url": "https://github.com/n-riesco/nel",
}],
};
var responseMetadata = {};
msg.respond(
serverSocket, responseMessageType, responseContent, reponseMetadata
);
}
serverSocket.removeListener("message", getRequest);
serverSocket.close()
clientSocket.close()
Documentation generated using JSDoc can be found here.
First of all, thank you for taking the time to contribute. Please, read CONTRIBUTING.md and use the issue tracker for any contributions: support requests, bug reports, enhancement requests, pull requests, ...
FAQs
Node.js module for creating, parsing and replying to messages of the Jupyter Messaging Protocol (JMP)
The npm package jmp-prebuilt receives a total of 4 weekly downloads. As such, jmp-prebuilt popularity was classified as not popular.
We found that jmp-prebuilt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.