
kube-service-bindings
Service bindings is a Kubernetes spec on how to communicate service secrets to applications in an automated way. The spec is available here.
The goal of this package is to make it easy for Node.js applications to consume these secrets, without requiring developers to be familiar with service bindings.
The package provides the getBinding method, which does roughly the following:
The parameters for getBinding include:
type - The type of service for which a binding is being requested. Currently the supported types are:
client - The package the application is using to connect to the service. kube-service-bindings is aware of a subset of possible packages. For those that it is aware of, it can map the service bindings into the form required by the client. Currently the following clients are recognized based on the supported types:
If you don't specify a client, the object returned will be a direct map from the bindings, with the keys corresponding to the name of each file provided by the binding.
id - An optional id that is used to filter the available bindings in the search. Most useful for testing, where you might have more than one binding of a given type available.
This is an example of how kube-service-bindings might be used:
const Kafka = require('node-rdkafka');
const serviceBindings = require('kube-service-bindings');

// Declared up front so it stays undefined if no binding is found
let kafkaConnectionBindings;
try {
  // check if the deployment has been bound to a kafka instance through
  // service bindings. If so use that connect info
  kafkaConnectionBindings = serviceBindings.getBinding('KAFKA', 'node-rdkafka');
} catch (err) {
  // proper error handling here
}

const stream = Kafka.KafkaConsumer.createReadStream(
  // Object.assign ignores an undefined source, so the defaults still apply
  Object.assign({
    'group.id': 'consumer-test', // identifier to use to help trace activity in Kafka
    'socket.keepalive.enable': true, // Enable TCP keep-alives on broker sockets
    'enable.auto.commit': false // false = do not automatically and periodically commit offsets in the background
  }, kafkaConnectionBindings),
  {},
  {
    topics: 'countries'
  }
);
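The "direct map" returned when no client is specified can be pictured with the following added example, which is not code from kube-service-bindings. It assumes the layout defined by the Service Binding spec (one directory per binding under SERVICE_BINDING_ROOT, each containing a type file); the helper names readRawBinding, redactBinding and makeSampleRoot are hypothetical, and the sample bindings are constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Return { fileName: contents } for the first binding under `root` whose
// `type` file matches. Assumptions: `id` is compared with the binding's
// directory name, and the type comparison is case-insensitive.
function readRawBinding(root, type, id) {
  if (!root) throw new Error('SERVICE_BINDING_ROOT is not set');
  for (const name of fs.readdirSync(root).sort()) {
    const dir = path.join(root, name);
    if (!fs.statSync(dir).isDirectory()) continue;
    if (id !== undefined && name !== id) continue;
    const typeFile = path.join(dir, 'type');
    if (!fs.existsSync(typeFile)) continue;
    const found = fs.readFileSync(typeFile, 'utf8').trim();
    if (found.toLowerCase() !== type.toLowerCase()) continue;
    const binding = {};
    for (const file of fs.readdirSync(dir)) {
      const p = path.join(dir, file);
      // Skip hidden entries (Kubernetes secret volumes add "..data" links).
      if (file.startsWith('.') || !fs.statSync(p).isFile()) continue;
      binding[file] = fs.readFileSync(p, 'utf8').trim();
    }
    return binding;
  }
  throw new Error(`no binding of type ${type} found under ${root}`);
}

// Copy of a binding that is safe to log: key names kept, values masked.
function redactBinding(binding) {
  return Object.fromEntries(Object.keys(binding).map(
    (k) => [k, k === 'type' || k === 'provider' ? binding[k] : '***']));
}

// Constructed sample: two Kafka bindings written to a temporary directory.
function makeSampleRoot() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'bindings-'));
  const samples = {
    'kafka-dev': { type: 'kafka', bootstrapServers: 'dev.example:9092', password: 'constructed-dev' },
    'kafka-test': { type: 'kafka', bootstrapServers: 'test.example:9092', password: 'constructed-test' },
  };
  for (const [name, files] of Object.entries(samples)) {
    fs.mkdirSync(path.join(root, name));
    const write = ([file, value]) => fs.writeFileSync(path.join(root, name, file), value + '\n');
    Object.entries(files).forEach(write);
  }
  return root;
}
```

Every value in the returned map is a secret read from disk, so pass the object through something like redactBinding before it reaches a logger or an error message.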
FAQs
helper for consuming kubernetes service bindings
The npm package kube-service-bindings receives a total of 20,357 weekly downloads. As such, kube-service-bindings popularity was classified as popular.
We found that kube-service-bindings demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.