
Research
/Security News
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
module that takes a url and using pdfcrowd pipes the resulting pdf into an s3 bucket
Install & start
npm install pdf-pipe -s
let pdfPipe = require('pdfPipe')
let pdf = new pdfPipe(config //explained below)
pdf.pipeUrl(url,bucket,name)
.then(console.log)
.catch(console.log)
config for constructor:
{
accessKey:aws access key, //not required
secretKey:aws secret key, //not required
region: aws region, // not required defaults to us-east-1
pdfCrowd: {
userName: pdfCrowd username,
apiKey: pdfCrowd api key
}
}
//can have aws keys in env variable as AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
NOTE: aws will use creds in this order passed in to config > in enviroment var > with your system profile
method:
pipeUrl(url,bucket,name) //Promise
args:
url: url that will be converted to pdf
bucket: name of bucket to insert item
name: name of output item(must end in .pdf)
return:
resolve or reject of promise
example:
pdf.pipeUrl('http://google.com','testBucket','google.pdf')
.then(console.log)
.catch(console.log)
FAQs
module that takes a url and using pdfcrowd pipes the resulting pdf into an s3 bucket
We found that pdf-pipe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Socket now integrates with Bun 1.3’s Security Scanner API to block risky packages at install time and enforce your organization’s policies in local dev and CI.
Research
The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean state-sponsored actors.