The libnpmorg package is a Node.js library that provides utilities for managing npm organizations. It allows you to perform various operations related to npm organizations, such as creating, deleting, and managing members and teams within an organization.
Create Organization
This feature allows you to create a new npm organization. You need to provide the organization name and an npm token for authentication.
const libnpmorg = require('libnpmorg');
async function createOrg() {
await libnpmorg.create('my-new-org', { token: 'your-npm-token' });
}
createOrg();
Delete Organization
This feature allows you to delete an existing npm organization. You need to provide the organization name and an npm token for authentication.
const libnpmorg = require('libnpmorg');
async function deleteOrg() {
await libnpmorg.delete('my-old-org', { token: 'your-npm-token' });
}
deleteOrg();
Add Member to Organization
This feature allows you to add a member to an npm organization. You need to provide the organization name, the username of the member, and an npm token for authentication.
const libnpmorg = require('libnpmorg');
async function addMember() {
  // set() adds (or updates) a member; the role is one of 'developer', 'admin' or 'owner'
  await libnpmorg.set('my-org', 'username', 'developer', { token: 'your-npm-token' });
}
addMember();
Remove Member from Organization
This feature allows you to remove a member from an npm organization. You need to provide the organization name, the username of the member, and an npm token for authentication.
const libnpmorg = require('libnpmorg');
async function removeMember() {
  // rm() removes the user from the org and resolves to null on success
  await libnpmorg.rm('my-org', 'username', { token: 'your-npm-token' });
}
removeMember();
List Organization Members
This feature allows you to list all members of an npm organization. You need to provide the organization name and an npm token for authentication.
const libnpmorg = require('libnpmorg');
async function listMembers() {
  // ls() resolves to a Roster object mapping each username to its role
  const members = await libnpmorg.ls('my-org', { token: 'your-npm-token' });
  console.log(members);
}
listMembers();
The npm package itself provides some CLI commands to manage organizations, such as `npm org add` and `npm org rm`. However, it is more focused on package management and lacks the programmatic API that libnpmorg offers.
The np package is a tool for publishing npm packages with ease. While it provides some utilities for managing npm packages, it does not offer specific functionalities for managing npm organizations like libnpmorg does.
The npm-cli package provides a command-line interface for interacting with npm. It includes commands for managing organizations, but it does not offer the same level of programmatic control as libnpmorg.
libnpmorg is a Node.js library for programmatically accessing the npm Org membership API.
const org = require('libnpmorg')
console.log(await org.ls('myorg', {token: 'deadbeef'}))
=>
Roster {
zkat: 'developer',
iarna: 'admin',
isaacs: 'owner'
}
$ npm install libnpmorg
opts for libnpmorg commands
libnpmorg uses npm-registry-fetch. All options are passed through directly to that library, so please refer to its own opts documentation for options that can be passed in.
A couple of options of note for those in a hurry:
`opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
`opts.otp` - certain operations will require an OTP token to be passed in. If a libnpmorg command fails with `err.code === EOTP`, please retry the request with `{otp: <2fa token>}`.
> org.set(org, user, [role], [opts]) -> Promise
The returned Promise resolves to a Membership Detail object.
The role is optional and should be one of admin, owner, or developer. developer is the default if no role is provided.
org and user must be scope names for the org name and user name respectively. They can optionally be prefixed with @.
See also: PUT /-/org/:scope/user
await org.set('@myorg', '@myuser', 'admin', {token: 'deadbeef'})
=>
MembershipDetail {
org: {
name: 'myorg',
size: 15
},
user: 'myuser',
role: 'admin'
}
> org.rm(org, user, [opts]) -> Promise
The Promise resolves to null on success.
org and user must be scope names for the org name and user name respectively. They can optionally be prefixed with @.
See also: DELETE /-/org/:scope/user
await org.rm('myorg', 'myuser', {token: 'deadbeef'})
> org.ls(org, [opts]) -> Promise
The Promise resolves to a Roster object.
org must be a scope name for an org, and can be optionally prefixed with @.
See also: GET /-/org/:scope/user
await org.ls('myorg', {token: 'deadbeef'})
=>
Roster {
zkat: 'developer',
iarna: 'admin',
isaacs: 'owner'
}
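An added example (not part of the libnpmorg README or the project's code): auditing the Roster that org.ls resolves to against an approved membership list, flagging unapproved members, role escalations and missing members. The `auditRoster` helper, the approved list, the sample roster and the privilege ordering of the three roles are assumptions made for illustration.

```javascript
// Added example: audit an npm org roster against an approved membership list.
// `roster` has the shape org.ls() resolves to on this page: { username: role }.

// The three roles named in the docs; the privilege ordering is an assumption.
const ROLE_RANK = new Map([['developer', 0], ['admin', 1], ['owner', 2]])

// Org and user names may optionally carry a leading "@"; compare without it.
const bare = (name) => String(name).replace(/^@/, '')

function auditRoster (roster, approved) {
  const want = new Map(Object.entries(approved).map(([u, r]) => [bare(u), r]))
  const seen = new Set()
  const findings = []

  for (const [rawUser, role] of Object.entries(roster)) {
    const user = bare(rawUser)
    seen.add(user)
    if (!ROLE_RANK.has(role)) {
      findings.push({ user, issue: 'unknown-role', role })
    } else if (!want.has(user)) {
      findings.push({ user, issue: 'unapproved-member', role })
    } else if (ROLE_RANK.get(role) > ROLE_RANK.get(want.get(user))) {
      // Member holds more privilege than was approved for them.
      findings.push({ user, issue: 'role-escalation', role, approved: want.get(user) })
    }
  }
  // Approved members absent from the roster (removed or never added).
  for (const [user, role] of want) {
    if (!seen.has(user)) findings.push({ user, issue: 'missing-member', approved: role })
  }
  return findings
}

// Constructed sample data. In real use: roster = await org.ls('myorg', { token })
const sampleRoster = { zkat: 'developer', iarna: 'owner', isaacs: 'owner', mallory: 'admin' }
const sampleApproved = {
  '@zkat': 'developer',
  '@iarna': 'admin',
  '@isaacs': 'owner',
  '@alice': 'developer'
}

function runSample () {
  return auditRoster(sampleRoster, sampleApproved)
}

console.log(runSample())
```

Running the same check on a schedule and alerting on any non-empty result gives early warning of membership changes that could affect who can publish under the org's scope.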
> org.ls.stream(org, [opts]) -> Stream
Returns a stream of entries for a Roster, with each emitted entry in [key, value] format.
org must be a scope name for an org, and can be optionally prefixed with @.
The returned stream is a valid Symbol.asyncIterator.
See also: GET /-/org/:scope/user
for await (let [user, role] of org.ls.stream('myorg', {token: 'deadbeef'})) {
console.log(`user: ${user} (${role})`)
}
=>
user: zkat (developer)
user: iarna (admin)
user: isaacs (owner)
FAQs
Programmatic api for `npm org` commands
The npm package libnpmorg receives a total of 591,657 weekly downloads. As such, libnpmorg popularity was classified as popular.
We found that libnpmorg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.