Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Lightrun is a developer-native observability platform. It's a way to add logs, inspect the state of the current execution (in a familiar, debugger-like view), and extract any type of code-level metric on the fly - without redeploying, restarting or even stopping the running application.
Check out our docs to learn more.
To get started with Lightrun you'll need three things:
Once you've signed up for an account and downloaded the plugin, you can install the agent in your application.
In order to install the Lightrun Node Agent please follow these steps:
In your project's folder, install the node agent by running npm install lightrun.
a. For regular Node.js applications - Require Lightrun at the start of your application file (e.g. index.js or app.js):
require('lightrun').start({
  lightrunSecret: '<COMPANY-SECRET>',
});
b. For TypeScript applications - Import Lightrun at the start of your application file (e.g. index.ts or app.ts) and then start it:
import * as lightrun from 'lightrun';
lightrun.start({
  lightrunSecret: '<COMPANY-SECRET>',
});
You will have a <COMPANY-SECRET> auto-generated for you during the onboarding process, right after signing up for an account.
Lightrun for TypeScript needs to have sourcemap files available to it in order to work properly. Please make sure to set sourceMap to true when compiling your TypeScript code.
Run the application as you normally would.
You should now see the application's agent popping up in the Lightrun Plugin's sidebar - you can now add logs, snapshots and metrics to your application.
You can optionally choose to provide the <COMPANY-SECRET> via environment variables to the Node process.
To do so, follow these steps after installing the agent (note that this does not work on Windows):
require('lightrun').start();
node command:
LIGHTRUN_SECRET=<COMPANY_SECRET> node index.js
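The environment-variable setup above keeps the secret out of source control. The following is an added example, not code from the Lightrun package: a startup wrapper that reads LIGHTRUN_SECRET, refuses to start when it is missing or still a placeholder, and logs only a redacted form. The helper names resolveSecret, redact and startAgent are hypothetical; only start() and lightrunSecret come from the README.

```javascript
// Hypothetical helper (not part of the lightrun package): resolve the agent
// secret from the environment and reject values that should never ship.
function resolveSecret(env) {
  const secret = (env.LIGHTRUN_SECRET || '').trim();
  if (!secret) {
    throw new Error('LIGHTRUN_SECRET is not set; refusing to start the agent');
  }
  // Catch the README placeholder being copied verbatim into a deployment.
  if (/^<.*>$/.test(secret)) {
    throw new Error('LIGHTRUN_SECRET still holds a placeholder value');
  }
  return secret;
}

// Show only enough of the secret to tell two values apart in logs.
function redact(secret) {
  return secret.length <= 8
    ? '****'
    : `${secret.slice(0, 4)}...(${secret.length} chars)`;
}

// `start` defaults to the real agent; a stub can be passed so the wrapper
// can be exercised without the lightrun module installed.
function startAgent(
  env = process.env,
  start = (opts) => require('lightrun').start(opts)
) {
  const lightrunSecret = resolveSecret(env);
  start({ lightrunSecret });
  return `Lightrun agent started with secret ${redact(lightrunSecret)}`;
}
```

Call startAgent() as the first statement of index.js and set LIGHTRUN_SECRET through the shell, process manager or container runtime rather than in the file.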
FAQs
Lightrun Debug Agent for Node.js
The npm package lightrun receives a total of 9,654 weekly downloads. As such, lightrun popularity was classified as popular.
We found that lightrun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.