
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
1、全局安装 ``` > npm i oiii -g ``` 2、初始化项目(项目目录) ``` > bot init > bot init 1 # 覆盖已有文件 ``` 3、开启图像界面服务 ``` > bot open ui ``` 4、关闭图像界面服务 ``` > bot close ui ``` 默认访问端口: 请求代理端口为:80 对应静态资源访问路径为:localhost/admin 相应服务请求端口:8080 请求代理修改文件:./proxy.mjs
1、全局安装
> npm i oiii -g
2、初始化项目(项目目录)
> bot init
> bot init 1 # 覆盖已有文件
3、开启图像界面服务
> bot open ui
4、关闭图像界面服务
> bot close ui
默认访问端口: 请求代理端口为:80 对应静态资源访问路径为:localhost/admin 相应服务请求端口:8080 请求代理修改文件:./proxy.mjs 服务请求端口修改文件:./config.mjs
1、拉取项目
> git clone https://github.com/yangzongzhuan/RuoYi-Vue3.git
2、更新文件
> bot update
1、使用简易微服务(UDP/TCP)
import {udpService} from './index.mjs'
const pools = {
s: {test: 'localhost:9000/test'}
}
// 9000端
const s = udpService(pools, {port: 9000, callback(path, data, next) {
next('9000')
}})
// s.close()
// 9001端
const map = new Map
map.set('/test', data => new Promise((resolve, reject) => reject('9001')))
udpService(pools, {port: 9001, map}).s.test().then(r => console.log(r.toString())) // '9000'
也可以通过后台“系统工具”->“服务管理”里面辅助维护导出辅助mjs文件。
2、服务托管使用的是pm2库支持。
3、MySQL数据库库tools2/mysql2ssh2.mjs,基于mysql2和ssh2。
import Query from 'tools2/mysql2ssh2.mjs'
const query = new Query({...}, {...}) // mysqlConfig、sshConfig
query`SELECT * FROM t_test`.then(...)
query.close()
4、NoSql小型数据库操作见dmb3的README。 5、资源上传,可以将任何资源上传到config里面的静态目录。
FAQs
1、全局安装 ``` > npm i oiii -g ``` 2、初始化项目(项目目录) ``` > bot init > bot init 1 # 覆盖已有文件 ``` 3、开启图像界面服务 ``` > bot open ui ``` 4、关闭图像界面服务 ``` > bot close ui ``` 默认访问端口: 请求代理端口为:80 对应静态资源访问路径为:localhost/admin 相应服务请求端口:8080 请求代理修改文件:./proxy.mjs
The npm package oiii receives a total of 24 weekly downloads. As such, oiii popularity was classified as not popular.
We found that oiii demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.