Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
mongodb-stitch-cli
Advanced tools
npm install mongodb-stitch-cli
npm install -g mongodb-stitch-cli
Build binary in place:
go build
Or, to build binary and install in your Go workspace's bin directory:
go install
https://docs.mongodb.com/stitch/import-export/stitch-cli-reference/
When using stitch-cli
against a locally running Stitch Server you can use any of the commands documented in the link above, however, you will need to pass some additional flags to the stitch-cli
command in order for it to work properly.
--base-url
For all local commands use the --base-url
flag to specify the URL of your locally running Stitch Server instance, e.g.:
stitch-cli import --base-url=http://localhost:8080
Where http://localhost:8080
is the URL of your locally running instance. This flag is required for any command you want to run against your local server.
--auth-provider=local-userpass
When using stitch-cli login
you will also need to include --auth-provider=local-userpass
to authenticate with the local server using a username/password instead of the usual API Key method, e.g.:
stitch-cli login --base-url=http://localhost:8080 --auth-provider=local-userpass --username=USERNAME --password=PASSWORD
Where USERNAME
and PASSWORD
are the credentials for an existing local user.
provided by gometalinter
(export PKGS=`go list ./... | grep -v "/vendor/"`; cd $GOPATH/src && echo $PKGS | xargs $GOPATH/bin/gometalinter --config=$GOPATH/src/github.com/10gen/stitch-cli/.gometalinter.json)
Run all tests:
go test -v $(go list github.com/10gen/stitch-cli/...)
FAQs
The MongoDB Stitch Command Line Interface
We found that mongodb-stitch-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.