Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A mock library that simulates a running Riak cluster (without actually having one)
Riak-mock is a Node.js module that mimics a real-life Riak server cluster that can be initialized, started, and stopped at will. Its goal is to provide developers with a reasonable approximation of the real thing to facilitate testing operations without having to depend on the availability of a real cluster.
var Riak = require('../index');
var server = new Riak(8087);
server.start();
This will start a new server on port 8087 and attach it to all available IPs. The full signature of the server constructor is:
new Riak(port, [hostname], [log]);
Here, log
is a bunyan logging facility that is optionally passed to Riak-mock's underlying restify object.
You can start([callback])
and stop([callback])
the server as needed. Every time a new server is created, it starts with a blank data store that you can populate as needed.
You can also run Riak-mock as a standalone server; this can be handy when you're trying to track down a particular issue and don't want to create a full environment to deal with the problem. You can do so by installing the module standalone in a location of your choice, and then running npm start
, which executes the server.js
file. The server includes a built-in logging facility that dumps to stdout.
"language":"javascript","bucket":"myjs","key":"mymap"
are not supported.You are encouraged to submit patches for the bugs you find. However, you must also provide at least one unit test to cover the patch (unless, of course, the patch is either not code-related or is, itself, a unit test). I will not merge pull requests without covering unit tests, and it's a fair bet that I won't have the time to write the tests myself.
Also, if you want to help out, the project needs much better test coverage, especially when it comes to map/reduce operations, which are a little sketchy at the moment.
version 0.8.9
FAQs
A mock library that simulates a running Riak cluster (without actually having one)
The npm package mock-riak receives a total of 0 weekly downloads. As such, mock-riak popularity was classified as not popular.
We found that mock-riak demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.