Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
pusher-js-auth
Advanced tools
Pusher plugin for batching auth requests in one HTTP call.
When subscribing to multiple private- and presence channels at once, your browser has to make an HTTP request for each channel. This plugin enables you to process multiple channel authentications within one request.
This is a plugin for the official Pusher JavaScript library and compatible with the latest 3.1.x release. Make sure you have a working implementation up and running.
Notice: This version is not compatibile with Pusher 3.0 and older. Please use version 1.2.0 of this plugin with older Pusher versions.
Documentation and configuration options are explained at the Pusher-js Github page
Load the plugin after including the Pusher library
<script src="//js.pusher.com/3.0/pusher.min.js"></script>
<script src="lib/pusher-auth.js"></script>
This plugin is also available on npm and bower:
npm install pusher-js-auth
bower install pusher-js-auth
This plugin comes with a few extra configuration parameters. The whole list is available at the Pusher-js Github page
var pusher = new Pusher(API_KEY, {
authTransport: 'buffered',
authDelay: 200
});
authTransport
(String)Required field. Use "buffered" to enable this plugin.
authDelay
(Number)Optional, defaults to 0. Delay in milliseconds before executing an authentication request. The value can be as low as 0 when subcribing to multiple channels within the same event loop. Please note that the first authentication request is postponed anyway until the connection to Pusher succeeds.
Your authentication endpoint should be able to handle batched requests.
socket_id 00000.0000000
channel_name[0] private-a
channel_name[1] private-b
{
"private-a": {
"status": 200, // HTTP status codes, optional on success
"data": {
"auth": "xxxxxx:xxxxxxxxxxxxx"
}
},
"private-b": {
"status": 200,
"data": {
"auth": "xxxxxx:xxxxxxxxxxxxx"
}
},
"private-c": {
"status": 403
}
}
Use one of the server libraries to do most of the hard work.
Copy app_key.example.js
and app_key.example.php
to app_key.example.xx
and fill in your own Pusher data. Create a small PHP server and run index.html with your browser's debug console active.
2.0.0 (2016-05-17)
FAQs
Pusher plugin for batching auth requests in one HTTP call
The npm package pusher-js-auth receives a total of 5,724 weekly downloads. As such, pusher-js-auth popularity was classified as popular.
We found that pusher-js-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.