
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
oss-upload.js
Advanced tools
浏览器端直传aliyun oss
npm i oss-upload.js -S
import ossUpload from 'oss-upload.js';
ossUpload( { license,folder,fileObj,fileName,fileExtension } ).subscribe(res =>{});
ossConfig: 阿里云配置项参考 document.
aimFolder: 位于oss上的目标文件夹,用于放置上传的文件.
fileObj: 需要上传的File对象或Blob对象
fileName: 文件名,非必填项,如果不填,则会计算文件的MD5值作为文件名
fileExtension: 文件拓展名,非必填项,如果不填,则会计算文件mimetype作为拓展名
ossUpload() 会返回status 和 data组成的对象.
返回示例:
{status:200,data:'htto://***.jpg'}{status:300,data:1.234} // 如果文件大小大于20mb,则会在上传时返回300状态,同时data返回当前上传的百分比.{status:400,data:''}当文件大小大于20mb时,使用 put()进行上传,否则会使用multipartUpload()进行分片上传.
import ossUpload from 'oss-upload.js';
document.querySelector("#uploader").addEventListener("change", file => {
const uploadObservable = ossUpload(
{
license:{
region: "oss-cn-hangzhou",
accessKeyId: "yourAccessKeyId",
accessKeySecret: "yourAccessKeySecret",
bucket: "yourBucket"
}
folder:"upload",
fileObj:file.target.files[0]
}
).subscribe(res =>{
switch(res.status){
case 200:
// upload successed
uploadObservable.unsubscribe();
break;
case 300:
// uploading
break;
case 400:
// upload failed
break;
}
});
});
FAQs
The browser directly uploads files to oss
We found that oss-upload.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.