Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Node3p is a tool for downloading files from AmazonMP3. Because you don't always download you files from home, it's nice to be able to save your music to your main music computer. This allows you to upload an AMZ file. The tool will then parse that file and proceed to download the files you've specified. While there are other ways to do this, the web interface is purely a convenience tool.
Enjoy.
git submodule update --init --recursive
*** Type npm install
from the cloned directory
** From npm, type npm install node3p
node3p-web
from the CLIThe server works with a configuration file that is to be located at /usr/local/etc/node3p-web/config.js
. The config file uses the regular exports syntax. The options are as follows:
This is completely in alpha stages. The data downloads but the code is complete and utter crap. You'll likely want to look at it like you look at an eclipse or your eyeballs may melt. Assuming you are crazy enough to try this, please throw bugs at me like you might a can of Redbull and I'll try my best to hammer through them. Also, patches are very welcome.
In the 0.2.0 version, I made use of MooFlow which is a JS/Canvas based coverflow library. It works beautifully and I didn't write it so I want to give credit where it's due. Be sure to take a look at it. With this, we can show a coverflow of the latest downloads and the images. Yay eyecandy! ;D
Right now there is very little error handling and upload validation. This will be coming, but I am not responsible for someone uploading files that could destroy your system. I do love patches and pull requests so if you are able to hack it in before I can, go for it!
see license file
FAQs
A web interface for Node3p.
The npm package node3p-web receives a total of 1 weekly downloads. As such, node3p-web popularity was classified as not popular.
We found that node3p-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.