Typescript program to convert W3C documents, produced by ReSpec, to EPUB 3.3.
The conversion can:
(The on-the-fly conversion via ReSpec is done by running the W3C’s Spec Generator service. Alas, that service may be down or slow, and this package has no control over that…)
There is a simple command line interface to run the script. See the separate documentation on cli for details and examples.
There is also the possibility to start a simple server to generate EPUB 3.3 instances on request. See the separate documentation on the server for details and examples of HTTP requests.
The server has been deployed on the cloud at W3C using the https://labs.w3.org/r2epub URL. A browser interface to drive this server is also available.
(Note that the server running on W3C is used to generate an EPUB version of a document based on respec, using its export facility.)
The program can also be used from another Typescript or Javascript program. See the separate documentation on the API for details and examples of the API usage.
The implementation is in Typescript and on top of node.js. The documentation is also available on-line.
The usual npm approach applies:
git clone https://github.com/iherman/r2epub.git
cd r2epub
npm install
or simply use
npm install r2epub
to get the latest published version.
The repository contains both the typescript code (in the src directory) as well as the transformed javascript code (in the dist directory). If, for some reason, the latter is not in the repository or is not up to date, the npm run build command takes care of that. The documentation can also be generated locally through the npm run docs command.
PORT or R2EPUB_PORT: the port number used by the server; failing these, the default (i.e., 80) is used. (PORT takes precedence over R2EPUB_PORT.)
R2EPUB_LOCAL: no URLs on localhost are accepted unless this environment variable is set (the value of the variable is not relevant, only the setting is). For security reasons this variable should not be set for deployed servers.
R2EPUB_MODIFIED_EPUB_FILES: a number of W3C-specific files (logos, some CSS files) had to be adapted for EPUB 3 usage, and are retrieved from a separate site. At the moment, https://www.ivan-herman.net/r2epub/ is used as a base URL for those files. However, if the variable is set, its value is used as a prefix for the copy of the files on the local file system and the files are read directly from the disk. (Typically, the value points at docs/epub_assets/ in the local clone of the distribution.)
(Some servers may have problems with a burst of accesses to the same base URL, resulting in a run-time error, hence the advantage of using this local alternative.)
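The PORT precedence and the R2EPUB_LOCAL gate described above can be sketched as follows. This is an added example, not r2epub's own code: the function names are hypothetical, and treating loopback addresses like localhost, accepting only http(s) URLs and rejecting an invalid port value are assumptions that go beyond what the documentation states.

```typescript
// Added example: hypothetical helpers, not part of r2epub.
type Env = Record<string, string | undefined>;

// PORT takes precedence over R2EPUB_PORT; with neither set the default is 80.
// Assumption: a variable that is set but is not a valid port is an error.
function resolvePort(env: Env): number {
    for (const name of ["PORT", "R2EPUB_PORT"]) {
        const raw = env[name];
        if (raw === undefined) continue;
        const port = /^\d{1,5}$/.test(raw) ? parseInt(raw, 10) : 0;
        if (port >= 1 && port <= 65535) return port;
        throw new Error(`${name} is not a valid port number: "${raw}"`);
    }
    return 80;
}

// Only the presence of R2EPUB_LOCAL matters, so "", "0" and "false" all enable it.
function localAllowed(env: Env): boolean {
    return env["R2EPUB_LOCAL"] !== undefined;
}

// Test the host produced by the URL parser, not the raw string: the parser
// has already lower-cased names and normalised numeric IPv4 spellings.
function isLocalHost(hostname: string): boolean {
    const host = hostname.toLowerCase().replace(/\.$/, "");
    return /(^|\.)localhost$/.test(host)
        || /^127\.\d+\.\d+\.\d+$/.test(host)                      // IPv4 loopback range
        || host === "[::1]"                                       // IPv6 loopback
        || /^\[::ffff:7f[0-9a-f]{2}:[0-9a-f]{1,4}\]$/.test(host); // IPv4-mapped loopback
}

// Decide whether the server should fetch a source document URL.
function isAcceptableSource(rawUrl: string, env: Env): boolean {
    let url: URL;
    try {
        url = new URL(rawUrl);
    } catch {
        return false; // not an absolute URL
    }
    // Assumption: only http(s) sources are meaningful for a remote conversion.
    if (url.protocol !== "http:" && url.protocol !== "https:") return false;
    return localAllowed(env) || !isLocalHost(url.hostname);
}
```

In a server the functions would be called with process.env; a deployed instance should be checked to confirm that R2EPUB_LOCAL is absent from the environment rather than set to an empty or "false" value.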
Once installed locally, follow specific instructions based on your needs/interest below:
node dist/r2epub.js starts the command line interface.
node dist/server.js starts up the server locally.
Copyright © 2020 Ivan Herman (a.k.a. @iherman).
FAQs
Typescript based conversion of Respec generated HTML files into EPUB 3.3
The npm package r2epub receives a total of 0 weekly downloads. As such, r2epub popularity was classified as not popular.
We found that r2epub demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.