A Library for handling low-level FreeSWITCH ESL connections, and associated ESL events.
Documentation - Event Socket Library Spec
Though there is already a Node.js "library" for this on GitHub, it does not actually implement the Event Socket Library interface, and instead has its own thing. This library was written to implement the full Event Socket Library interface, and provide a meaningful semantic when dealing with FreeSWITCH in Node.js.
This library supports both "Inbound" (connection going into FreeSWITCH) and "Outbound" (connections coming out of FreeSWITCH). Also included is a helper esl.Server object that manages multiple esl.Connection objects, making it trivial to have multiple "Outbound" connections from FreeSWITCH.
The easiest way to install is via npm:
    npm install modesl
As in "Mod ESL".
The most basic usage example is to open a connection, and send a status command:
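    var esl = require('modesl'),
        // host, port, password ('ClueCon' is the FreeSWITCH default password)
        conn = new esl.Connection('127.0.0.1', 8021, 'ClueCon', function() {
            // runs once the connection is ready; send the status command
            conn.api('status', function(res) {
                // res is an esl.Event instance
                console.log(res.getBody());
            });
        });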
Something to be aware of is that all functions that interact with FreeSWITCH are asynchronous on the Library side. However, there are many functions (api, execute, etc.) that are synchronous on the FreeSWITCH side. Because of this, the event you get back in your callback on, for example, api and the same command on bgapi will be different.

The api command's callback will be executed immediately when the command/reply message is received, with all the returned data. However, that same command using bgapi will not call the callback when the command/reply message is received. This is because FreeSWITCH returns the command/reply message immediately for background commands, before the command is run. The Library will automatically track the command, and call the callback on the BACKGROUND_JOB message that denotes a completed Background Job.

The body for the same command issued with api and bgapi should be the same, even when the headers, event type, and time it takes for the callback to execute are different. The Library attempts to smooth these differences out by providing a common interface, even though behind the scenes things are quite different.
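The bgapi tracking described above, as an added JavaScript example that is not modesl's own code: the immediate command/reply only parks the callback under its Job-UUID, and the later BACKGROUND_JOB event with the same Job-UUID fires it, while an event for an unknown job is ignored. The names JobTracker, readFrames, frame and event, the job ids, and the simplified ASCII-only frames are assumptions constructed for this illustration.

```javascript
const parseHeaders = (text) => Object.fromEntries(
  text.split('\n').filter((l) => l.includes(': '))
    .map((l) => [l.slice(0, l.indexOf(': ')), l.slice(l.indexOf(': ') + 2)]));
function readFrames(buf) { // frame = header lines, blank line, Content-Length bytes
  const frames = [];
  for (let pos = 0; pos < buf.length;) {
    const end = buf.indexOf('\n\n', pos);
    if (end === -1) break; // header block incomplete
    const headers = parseHeaders(buf.slice(pos, end));
    const len = Math.max(0, parseInt(headers['Content-Length'], 10) || 0);
    pos = end + 2 + len;
    if (pos > buf.length) break; // body incomplete
    frames.push({ headers, body: buf.slice(end + 2, pos) });
  }
  return frames;
}

class JobTracker { // hypothetical name, not a modesl class
  constructor() { this.sent = []; this.pending = new Map(); }
  bgapi(callback) { this.sent.push(callback); } // stands in for writing the command
  onFrame({ headers, body }) {
    if (headers['Content-Type'] === 'command/reply') {
      const cb = this.sent.shift(); // reply arrives before the job has run
      if (cb && headers['Job-UUID']) this.pending.set(headers['Job-UUID'], cb);
    } else if (headers['Content-Type'] === 'text/event-plain') {
      const [ev] = readFrames(body); // the event is itself headers + body
      if (!ev || ev.headers['Event-Name'] !== 'BACKGROUND_JOB') return;
      const id = ev.headers['Job-UUID'], cb = this.pending.get(id);
      if (cb && this.pending.delete(id)) cb(ev.body); // unknown Job-UUID: ignored
    }
  }
}

const frame = (h, body = '') => Object.entries(
  body ? { ...h, 'Content-Length': body.length } : h)
  .map(([k, v]) => `${k}: ${v}`).join('\n') + '\n\n' + body;
const event = (id, out) => frame({ 'Content-Type': 'text/event-plain' },
  frame({ 'Event-Name': 'BACKGROUND_JOB', 'Job-UUID': id }, out));

function demo() { // constructed sample traffic, not captured from FreeSWITCH
  const results = [], t = new JobTracker();
  t.bgapi((b) => results.push(b));
  const [reply, ...events] = readFrames(
    frame({ 'Content-Type': 'command/reply', 'Job-UUID': 'job-0001' }) +
    event('job-9999', 'not ours\n') + event('job-0001', 'UP 0 years\n'));
  t.onFrame(reply);
  const afterReply = results.length; // the reply alone fires nothing
  events.forEach((f) => t.onFrame(f));
  return { afterReply, results, pending: t.pending.size };
}
```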
To run the tests included with the module simply run the following in the root of the modesl folder:

    npm test
esl.Connection
error
event
This module is distributed under the Mozilla Public License 2.0.
FAQs
FreeSWITCH ESL Node.js Implementation
The npm package modesl receives a total of 2,762 weekly downloads. As such, modesl popularity was classified as popular.
We found that modesl demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.