Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
StdLib Setup | Node | Python | Ruby | Web
Basic Node bindings for StdLib service accession (Node 4+).
Used to interface with services built using StdLib and the StdLib Command Line Tools.
NEW: Promise support (for future async / await) added in 2.2.0
.
The lib
package is available on npm: lib and
operates as zero-dependency interface to run StdLib functions. This means that
you can utilize any service on StdLib without installing any additional
dependencies, and when you've deployed services to StdLib, you have a pre-built
Node.js SDK --- for example;
const lib = require('lib');
lib.yourUsername.hostStatus({name: 'Dolores Abernathy'}, (err, result) => {
// handle result
});
const lib = require('lib');
lib.yourUsername.hostStatus({name: 'Dolores Abernathy'})
.then(result => /* handle result */)
.catch(err => /* handle error */);
To discover StdLib services, visit https://stdlib.com/search. To build a service, get started with the StdLib CLI tools.
To install locally in a project (StdLib service or otherwise), use;
$ npm install lib --save
const lib = require('lib');
// [1]: Call "stdlib.reflect" function, the latest version, from StdLib
lib.stdlib.reflect(0, 1, {kwarg: 'value'}, (err, result) => {});
// [2]: Call "stdlib.reflect" function from StdLib, with "dev" environment
lib.stdlib.reflect['@dev'](0, 1, {kwarg: 'value'}, (err, result) => {});
// [3]: Call "stdlib.reflect" function from StdLib, with "release" environment
// This is equivalent to (1)
lib.stdlib.reflect['@release'](0, 1, {kwarg: 'value'}, (err, result) => {});
// [4]: Call "stdlib.reflect" function from StdLib, with specific version
// This is equivalent to (1)
lib.stdlib.reflect['@0.0.1'](0, 1, {kwarg: 'value'}, (err, result) => {});
// [5]: Call functions within the service (not just the defaultFunction)
// This is equivalent to (1) when "main" is the default function
lib.stdlib.reflect.main(0, 1, {kwarg: 'value'}, (err, result) => {});
// Valid string composition from first object property only:
lib['stdlib.reflect'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect[@dev]'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect[@release]'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect[@0.0.1]'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect.main'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect[@dev].main'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect[@release].main'](0, 1, {kwarg: 'value'}, (err, result) => {});
lib['stdlib.reflect[@0.0.1].main'](0, 1, {kwarg: 'value'}, (err, result) => {});
To use StdLib services locally (from within a StdLib function), use the "string composition" method and begin your service path with a period;
lib['.otherFunction']({key: 'X'}, (err, result) => {});
This functionality exists, so if needs be, you can directly interface with other functions within a StdLib service when testing locally (i.e. MapReduce usage). Please note that local functions always execute in the same context and thread as the caller, meaning you will not get the scalability benefits of calling the function remotely, however latency is significantly reduced.
To learn more about StdLib, visit stdlib.com or read the StdLib CLI documentation on GitHub.
You can follow the development team on Twitter, @StdLibHQ
StdLib is © 2016 - 2017 Polybit Inc.
FAQs
Autocode standard library Node.js bindings
The npm package lib receives a total of 105,398 weekly downloads. As such, lib popularity was classified as popular.
We found that lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.