Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
machinepack
Advanced tools
Command-line tool for working with machinepacks and machines.
$ npm install -g machinepack
Note that you'll also want to grab the Yeoman generator
You should check out http://node-machine.org/implementing for an in-depth tutorial, but here are a few highlights:
# open generated manpage on node-machine.org in your browser of choice
mp browse
# run a machine
# (theres an interactive prompt- you'll get to choose from a list, then be prompted to provide values for required inputs)
# (supports json entry and validation, re-running using command-line flags, and protects inputs marked as "protected" so they don't show up in your bash history)
mp exec
# clean everything up: (re)scaffold JSON test files, (re)generate readme using latest metadata, make sure repo url is in package.json, etc.
mp scrub
# list machines (useful for remembering wtf you're doing)
mp ls
# add new machine w/ identity="do-some-stuff" and start interactive prompt to get the rest of the necessary info
mp add do-some-stuff
# copy machine (useful for quickly creating similar machines)
mp cp foo bar
# rename machine (useful for fixing misspellings)
mp mv initiate-denk-party initiate-dance-party
This CLI tool is just sugar on top of the machine specification. That said, it helps a lot, and if you're building a pack, I highly recommend checking it out.
MIT © 2015 Mike McNeil
FAQs
CLI tool for working with machinepacks and their machines.
We found that machinepack demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.