
Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
jumbo-core
Advanced tools
Modern lightweight fast enterprise level MVW framework for Node.js
! Under development, but ready to use !
Watch docs here
Docs not completed yet.
Use jumbo-developer package to create project! Project must have specific structure but this core does NOT create that structure. You can create structure on your own (see docs) but you'll just waste time.
Install jumbo-developer tool via npm.
npm install jumbo-developer -g
Run jumbo-developer from console.
jumbo-developer
It will ask you for your project directory, so enter your project directory and press ENTER. Then write
create project
and you'll have base project (default from jumbo-developer template which you can change) in directory you specified earlier.
Go to your project directory, edit your config.js file (set up DB connection or remove whole domains
property) and run application.
npm start
Application will run on port 80 by default. You can change it in app.js.
See docs for more information.
FAQs
Modern lightweight fast enterprise level MVW framework for Node.js
The npm package jumbo-core receives a total of 11 weekly downloads. As such, jumbo-core popularity was classified as not popular.
We found that jumbo-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
Product
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
Product
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.