
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
node-kerberos
Advanced tools
The kerberos
package is a C++ extension that requires a build environment to be installed on your system. You must be able to build node.js itself to be able to compile and install the kerberos
module. Furthermore the kerberos
module requires the MIT Kerberos package to correctly compile on UNIX operating systems. Consult your UNIX operation system package manager what libraries to install.
{{% note class="important" %}} Windows already contains the SSPI API used for Kerberos authentication. However you will need to install a full compiler tool chain using visual studio C++ to correctly install the kerberos extension. {{% /note %}}
This package is fork of https://github.com/mongodb-js/kerberos. It provide API to support default krbV5 mechanism for client.
If you don’t have the build essentials it won’t build. In the case of linux you will need gcc and g++, node.js with all the headers and python. The easiest way to figure out what’s missing is by trying to build the kerberos project. You can do this by performing the following steps.
git clone https://github.com/v-suhame/kerberos.git
cd kerberos
npm install
If all the steps complete you have the right toolchain installed. If you get node-gyp not found you need to install it globally by doing.
npm install -g node-gyp
If correctly compiles and runs the tests you are golden. We can now try to install the kerberos module by performing the following command.
cd yourproject
npm install kerberos --save
If it still fails the next step is to examine the npm log. Rerun the command but in this case in verbose mode.
npm --loglevel verbose install kerberos
This will print out all the steps npm is performing while trying to install the module.
A known compiler tool chain known to work for compiling kerberos
on windows is the following.
Open visual studio command prompt. Ensure node.exe is in your path and install node-gyp.
npm install -g node-gyp
Next you will have to build the project manually to test it. Use any tool you use with git and grab the repo.
git clone https://github.com/v-suhame/kerberos.git
cd kerberos
npm install
node-gyp rebuild
This should rebuild the driver successfully if you have everything set up correctly.
Your python installation might be hosed making gyp break. I always recommend that you test your deployment environment first by trying to build node itself on the server in question as this should unearth any issues with broken packages (and there are a lot of broken packages out there).
Another thing is to ensure your user has write permission to wherever the node modules are being installed.
FAQs
Kerberos library for Node.js
The npm package node-kerberos receives a total of 3 weekly downloads. As such, node-kerberos popularity was classified as not popular.
We found that node-kerberos demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.