Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Pure JavaScript/NodeJS mDNS discovery implementation.
A lot of the functionality is copied from https://github.com/GoogleChrome/chrome-app-samples/tree/master/mdns-browser but adapted for node.
Install by
npm install mdns-js
It would be great to have a full implementation of mDSN + DNS-SD in pure JS but progress will be slow unless someone is willing to pitch in with pull requests, specifications for wanted functions etc. Also, as you should avoid to have multiple mDNS stacks on a system this might clash with stuff like avahi and bonjour.
var mdns = require('mdns-js');
var browser = mdns.createBrowser();
browser.on('ready', function () {
browser.discover();
});
browser.on('update', function (data) {
console.log('data:', data);
});
This library is using the debug module from TJ Holowaychuk and can be used like this.
DEBUG=mdns:* node examples/simple.js
This will spit out LOTS of information that might be useful. If you have some issues with something where you might want to communicate the contents of a packet (ie create an issue on github) you could limit the debug information to just that.
DEBUG=mdns:browser:packet node examples/simple.js
Pull-request will be gladly accepted.
If possible any api should be as close match to the api of node-mdns but be pragmatic. Look at issue #5.
Please run any existing tests with
npm test
and preferably add more tests.
Before creating a pull-request please run
npm run lint
This will run jshint as well as jscs that will do some basic syntax and code style checks. Fix any issues befor committing and creating a pull-request.
Look at the .jshintrc and .jscs.json for the details.
Apache 2.0. See LICENSE file.
FAQs
JavaScript/NodeJS mDNS discovery implementation
The npm package mdns-js receives a total of 3,823 weekly downloads. As such, mdns-js popularity was classified as popular.
We found that mdns-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.