Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
s3-npm-cache
Advanced tools
Lightweight runtime to cache NPM dependencies in S3
Set up your agent environment with AWS credentials before running this script.
If you don't have AWS credentials setup it will warn you and continue with an NPM install.
$ npm install s3-npm-cache -g
$ s3-npm-cache <s3 bucket name> [package.json root folder]
You can specify an optional package.json root folder if you wish to cache node_modules in a different folder to your current working directory.
Please note if you do specify the optional package.json root folder the path is relative.
This repository contains a test folder which contains a fake package.json you can use for development or testing.
There are a number of features still in development
FAQs
Lightweight runtime to cache NPM dependencies in S3
The npm package s3-npm-cache receives a total of 1 weekly downloads. As such, s3-npm-cache popularity was classified as not popular.
We found that s3-npm-cache demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.