Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
pkgcloud is a standard library for node.js that abstracts away differences among multiple cloud providers.
Currently there are three service types which are handled by pkgcloud:
In our Roadmap, we plan to add support for DNS and CDN services, but these are not currently available.
Services provided by pkgcloud
are exposed in two ways:
var client = require('pkgcloud').compute.createClient({
//
// The name of the provider (e.g. "joyent")
//
provider: 'provider-name',
//
// ... Provider specific credentials
//
});
var client = require('pkgcloud').providers.joyent.compute.createClient({
//
// ... Provider specific credentials
//
});
All API clients exposed by pkgcloud
can be instantiated through pkgcloud[serviceType].createClient({ ... })
or pkcloud.providers[provider][serviceType].createClient({ ... })
.
Due to the differences between the vocabulary for each service provider, pkgcloud uses its own unified vocabulary.
Supporting every API for every cloud service provider in Node.js is a huge undertaking, but that is the long-term goal of pkgcloud
. Special attention has been made to ensure that each service type has enough providers for a critical mass of portability between providers (i.e. Each service implemented has multiple providers).
The pkgcloud.compute
service is designed to make it easy to provision and work with VMs. To get started with a pkgcloud.compute
client just create one:
var client = require('pkgcloud').compute.createClient({
//
// The name of the provider (e.g. "joyent")
//
provider: 'provider-name',
//
// ... Provider specific credentials
//
});
Each compute provider takes different credentials to authenticate; these details about each specific provider can be found below:
Each instance of pkgcloud.compute.Client
returned from pkgcloud.compute.createClient
has a set of uniform APIs:
client.getServers(function (err, servers) { })
client.createServer(options, function (err, server) { })
client.destroyServer(serverId, function (err, server) { })
client.getServer(serverId, function (err, server) { })
client.rebootServer(server, function (err, server) { })
client.getImages(function (err, images) { })
client.getImage(imageId, function (err, image) { })
client.destroyImage(image, function (err, ok) { })
client.createImage(options, function (err, image) { })
client.getFlavors(function (err, flavors) { })
client.getFlavor(flavorId, function (err, flavor) { })
The pkgcloud.storage
service is designed to make it easy to upload and download files to various infrastructure providers. Special attention has been paid so that methods are streams and pipe-capable.
To get started with a pkgcloud.storage
client just create one:
var client = require('pkgcloud').storage.createClient({
//
// The name of the provider (e.g. "joyent")
//
provider: 'provider-name',
//
// ... Provider specific credentials
//
});
Each compute provider takes different credentials to authenticate; these details about each specific provider can be found below:
Each instance of pkgcloud.storage.Client
returned from pkgcloud.storage.createClient
has a set of uniform APIs:
client.getContainers(function (err, containers) { })
client.createContainer(options, function (err, container) { })
client.destroyContainer(containerName, function (err) { })
client.getContainer(containerName, function (err, container) { })
client.upload(options, function (err) { })
client.download(options, function (err) { })
client.getFiles(container, function (err, files) { })
client.getFile(container, file, function (err, server) { })
client.removeFile(container, file, function (err) { })
Both the .upload(options)
and .download(options)
have had careful attention paid to make sure they are pipe and stream capable:
var pkgcloud = require('pkgcloud'),
fs = require('fs');
var client = pkgcloud.storage.createClient({ /* ... */ });
fs.createReadStream('a-file.txt').pipe(client.upload({
container: 'a-container',
remote: 'remote-file-name.txt'
}));
var pkgcloud = require('pkgcloud'),
fs = require('fs');
var client = pkgcloud.storage.createClient({ /* ... */ });
client.download({
container: 'a-container',
remote: 'remote-file-name.txt'
}).pipe(fs.createWriteStream('a-file.txt'));
The pkgcloud.database
service is designed to consistently work with a variety of Database-as-a-Service (DBaaS) providers.
To get started with a pkgcloud.storage
client just create one:
var client = require('pkgcloud').database.createClient({
//
// The name of the provider (e.g. "joyent")
//
provider: 'provider-name',
//
// ... Provider specific credentials
//
});
Each database provider takes different credentials to authenticate; these details about each specific provider can be found below:
Due to the various differences in how these DBaaS providers provision databases only a small surface area of the API for instances of pkgcloud.database.Client
returned from pkgcloud.database.createClient
is consistent across all providers:
client.create(options, callback)
All of the individual methods are documented for each DBaaS provider listed above.
$ npm install pkgcloud
For run the tests you will need vows@0.7.0
or higher, please install it and then run:
$ npm test
The tests use the nock
library for mock up the response of providers, so the tests run without do any connection to the providers, there is a notorius advantage of speed on that, also you can run the tests without Internet connection and also can highlight a change of API just disabling nock
.
By default the npm test
command run the tests enabling nock
. And sometimes you will want to test against the live provider, so you need to do this steps, in order to test without mocks.
test/configs/mock
to test/configs
test/configs/providers.json
, there you can enable or disable providers.Vows installed globally
$ vows --spec --isolate test/*/*/*-test.js
Linux/Mac - Vows installed locally
$ ./node_modules/.bin/vows --spec --isolate test/*/*/*-test.js
Windows - Vows installed locally:
$ node_modules\.bin\vows.cmd --spec --isolate test/*/*/*-test.js
Also you can run the tests directly using vows
with nock
enabled:
Linux/Mac - Vows installed globally:
$ NOCK=on vows --spec --isolate test/*/*/*-test.js
Linux/Mac - Vows installed locally:
$ NOCK=on ./node_modules/.bin/vows.cmd --spec --isolate test/*/*/*-test.js
Windows - Vows installed globally:
$ set NOCK=on&vows --spec --isolate test/*/*/*-test.js
Windows - Vows installed locally:
$ set NOCK=on&node_modules\.bin\vows.cmd --spec --isolate test/*/*/*-test.js
Even better, you can run the tests for some specific provider:
Linux/Mac - Vows installed globally:
$ NOCK=on vows --spec --isolate test/iriscouch/*/*-test.js
Linux/Mac - Vows installed locally:
$ NOCK=on ./node_modules/.bin/vows --spec --isolate test/iriscouch/*/*-test.js
Windows - Vows installed globally:
$ set NOCK=on&vows --spec --isolate test/iriscouch/*/*-test.js
Windows - Vows installed locally:
$ set NOCK=on&node_modules\.bin\vows.cmd --spec --isolate test/iriscouch/*/*-test.js
We welcome contribution to pkgcloud
by any and all individuals or organizations. Before contributing please take a look at the Contribution Guidelines in CONTRIBUTING.md.
We are pretty flexible about these guidelines, but the closer you follow them the more likely we are to merge your pull-request.
node-cloudfiles
and node-cloudservers
CDN
and DNS
services.fs
compatible file API.FAQs
A provider agnostic cloud library for Node.js
The npm package pkgcloud receives a total of 6,513 weekly downloads. As such, pkgcloud popularity was classified as popular.
We found that pkgcloud demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.