Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
josh-111111
Advanced tools
[Preview link](http://company-profiles-ui.s3-website-ap-southeast-2.amazonaws.com/companies/coolcompany_123)
The project is a POC for Company Profiles page on the candidate side.
At the beginning we will be rolling the page out only for an agreed subset or companies, including SEEK itself, taking over the
seek.com.au/companies/_id_/
home route.
For the initial stages, data will be hardcoded in the app and subsequently moved to appropriate databases as we grow bigger.
Note: there is NO intention to take over the company reviews as a product.
Existing company reviews set is treated as a set of third-party data providers and has a very little overlap with company profiles themselves.
This project is powered by sku, braid and built with React.
First of all, make sure you've installed Yarn.
Then, install dependencies:
$ yarn
getEnv script
You can configure your .env
with the getEnv.sh
script:
yarn get-env
Manual steps
Configure your .env
file with the following variables:
PAPI_KEY=
JOBS_API_KEY=
AUTH_API_KEY=
The values for these variables are considered secrets and are stored in AWS Secrets Manager. The .env
file and its content should not be committed to the repo and therefore is inside .gitignore
.
Note: You can use .env.sample
as a guide by copying the content of it into your .env
file and populating the values.
Make sure .env
contains staging env variables.
$ yarn start
Then use this url to open SEEK profile in staging: https://dev.seek.com.au:3000/companies/seek-1217901
. If you get SSL warning, then type: thisisunsafe
.
By default, staging environment is used. If production environment is required then it can be specified (need to update .env
file with prod values too):
$ yarn start --environment production
Then use this url to open SEEK profile in production: https://dev.seek.com.au:3000/companies/seek-432600
.
Run unit tests:
$ yarn test
Lint and format code:
$ yarn lint
$ yarn format
Build assets for deployment (staging/production):
$ yarn build
FAQs
[Preview link](http://company-profiles-ui.s3-website-ap-southeast-2.amazonaws.com/companies/coolcompany_123)
The npm package josh-111111 receives a total of 0 weekly downloads. As such, josh-111111 popularity was classified as not popular.
We found that josh-111111 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.