Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
overlays-cli
Advanced tools
A cli tool to execute an Overlays document. See https://github.com/OAI/Overlay-Specification/
This is a prototype for digging into https://github.com/OAI/Overlay-Specification/
It is published as an npm package overlays-cli
which includes a simple binary cli.
To use, pipe in an Overlay definition and it'll output the result as YAML.
Example Overlay
overlays: 1.0.0
extends: https://petstore3.swagger.io/api/v3/openapi.json
actions:
- target: '$.paths'
remove: true
- target: '$.components'
remove: true
- target: '$.info'
update:
title: Overlayed!
description: |
This API has been overlayed 😎
Example usage
cat overlays-sample.yml | npx overlays-cli@latest
# ... and with curl
curl -sNL https://example.com | npx overlays-cli@latest
# and with a real curl
curl -sNL https://gist.githubusercontent.com/ponelat/daac5912ede1871629b6028bbe715d3a/raw/2871f9f27fb93d1c01567d198fb60cd1271e7dcf/overlay.yml | npx overlays-cli@latest
# If you clone the repo and want to run locally
cat overlays-sample.yml | node ./index.js
There is a simple (I hope) test suite framework inspired by the awesome JSON Schema test suite.
# Example test
docs: https://github.com/OAI/Overlay-Specification/blob/main/versions/1.0.0.md#actionObject
test: ActionObject with remove true
refs:
http://example.com:
openapi: 3.0.3
paths:
/foo:
get: {}
post: {}
/bar: {}
input:
overlay: 1.0.0
extends: http://example.com
actions:
- target: $.paths.*.*
remove: true
output:
openapi: 3.0.3
paths:
/foo: {}
/bar: {}
This is a prototype, and all are welcome to hack it. Some of us are on the OpenAPI slack and discord channels if you wanna chat!
FAQs
A cli tool to execute an Overlays document. See https://github.com/OAI/Overlay-Specification/
We found that overlays-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.