This is a CLI for the securenv API, which lets you upload your env files to a vault and share them with your team in a secure way.
You must be authenticated to get or set any data in the secure vault.
$ npx securenv login [username] [password] https://securenv.prod.k8s.inovacao.rdsl.adttemp.com.br
The session will be available for 1h. After the first login, you can use a shortcut to log in without passing the api-host.
$ npx securenv login [username] [password]
To GET, SET or LIST any information from the vault, you have to be logged in and must have all the grants needed to do the job.
$ npx securenv set [project-name] [environment]
So if you want to upload your .env.production file to the vault, you have to do:
$ npx securenv set my-project production
# this will upload .env.production to my-project production vault
$ npx securenv get [project-name] [environment]
So if you want to download your .env.production file from the vault, you have to do:
$ npx securenv get my-project production
# this will replace .env.production file with the content of the vault
$ npx securenv get my-project staging
# this will replace .env.staging file with the content of the vault
When you list all available projects and environments that you have grants for, securenv will show you up to 10 old versions of an environment.
If you want to get a specific version, take the versionId you want and run:
$ npx securenv get [project-name] [environment] [version-id]
# this will list all available environments that you have grants for
If you only want to see some env file, you can do:
$ npx securenv cat [project-name] [environment]
List all available projects and environments that you have grants for.
$ npx securenv list [project-name]
# this will list all available environments that you have grants for
This command will synchronize all variables stored in securenv with your Bitbucket pipeline.
All variables will be sent to the Bitbucket environment with the same name you sent as a parameter.
$ npx securenv@latest sync [environment] -p [project-name]
If you don't send the project-name, securenv will get it from your package.json.
$ npx securenv@latest sync [environment]
FAQs
Securenv is a CLI for the securenv API that stores and gets secure env files.
The npm package securenv receives a total of 6 weekly downloads. As such, securenv popularity was classified as not popular.
We found that securenv demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.