Simple way to send alerts via Slack, Email, Discord, SMS, etc. Simplert is currently geared towards personal and smaller apps where you just want a simple way to alert on some event, like when a new user signs up. The idea is that you can drop your simplert config file into any of your projects and quickly start alerting on events through multiple platforms without having to rewrite or copy over platform-specific code. I would advise against using this in any critical production apps as of now.
npm install simplert
npx generate-config
{
  "discord": {
    "enabled": false,
    "token": "",
    "send_to": ""
  },
  "email": {
    "gmail": {
      "enabled": false,
      "send_to": "",
      "send_from": "",
      "subject": "",
      "token": {},
      "credentials": {}
    }
  },
  "slack": {
    "enabled": false,
    "send_to": "",
    "token": ""
  },
  "sms": {
    "twilio": {
      "enabled": false,
      "send_to": "",
      "send_from": "",
      "sid": "",
      "token": ""
    }
  }
}
enabled - whether you want this type of alerting enabled or not
discord:token - the token of your Discord bot
discord:send_to - the name of the Discord channel you want to send your alerts to. Make sure your bot has permission on the server to send messages.
email:gmail:send_to - the default recipient email you want to send to, otherwise passed into the email function
email:gmail:send_from - the default email you want to send from. You may have a Gsuite account with multiple aliases; you can specify here which one you want to send from. Otherwise passed into the email function
email:gmail:subject - a default email subject for every alert, otherwise passed into the email function
email:gmail:token - used for authorization; can be generated with npx generate-gmail, assuming you have your email:gmail:credentials populated correctly
email:gmail:credentials - credentials provided by Google when setting up your project in the Google Cloud Console, usually downloaded as gmail-credentials.json. Set this key to the contents of that file.
slack:send_to - the channel or user you want to send the message to. Examples: #some_channel or @some_user
slack:token - the token of your Slack bot. Make sure it has the right permissions set up to send messages.
sms:twilio:send_to - the phone number you want to send an alert to, including country code
sms:twilio:send_from - the Twilio phone number you want to send from on your account
sms:twilio:sid - the ACCOUNT SID from your Twilio Console
sms:twilio:token - the AUTH TOKEN from your Twilio Console
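Several of these keys hold live credentials in plain text (bot tokens, the Twilio auth token, the Google credentials), so it is worth knowing which ones are populated and whether other users on the host can read the file. The following is an added example, not part of simplert: the function names and sample values are constructed, and the permission check assumes a POSIX file system.

```javascript
// Added example, not simplert code. Key paths use the README's "a:b:c" notation.
const SECRET_KEYS = new Set(["token", "credentials", "sid"]);

// "", {}, null and undefined count as "not populated" (the generated defaults).
function isPopulated(value) {
  if (value === null || value === undefined) return false;
  if (typeof value === "string") return value.length > 0;
  if (typeof value === "object") return Object.keys(value).length > 0;
  return true;
}

// Walk the config and return colon-joined paths of populated credential keys.
function populatedSecrets(config, prefix = []) {
  const found = [];
  for (const [key, value] of Object.entries(config)) {
    const path = [...prefix, key];
    if (SECRET_KEYS.has(key)) {
      if (isPopulated(value)) found.push(path.join(":"));
    } else if (value && typeof value === "object" && !Array.isArray(value)) {
      found.push(...populatedSecrets(value, path));
    }
  }
  return found;
}

// True when group or other has any access bit set (anything beyond 0o700).
function isTooOpen(mode) {
  return (mode & 0o077) !== 0;
}

// Audit a config file on disk (POSIX permissions assumed).
function auditConfigFile(file) {
  const fs = require("fs"); // loaded here so the helpers above stay dependency-free
  const secrets = populatedSecrets(JSON.parse(fs.readFileSync(file, "utf8")));
  const mode = fs.statSync(file).mode & 0o777;
  return { secrets, mode: mode.toString(8), tooOpen: secrets.length > 0 && isTooOpen(mode) };
}

// Constructed sample: Discord and Twilio configured, Slack and Gmail token left empty.
const SAMPLE = {
  discord: { enabled: true, token: "constructed-discord-token", send_to: "alerts" },
  email: { gmail: { enabled: false, send_to: "", token: {}, credentials: { installed: {} } } },
  slack: { enabled: false, send_to: "", token: "" },
  sms: { twilio: { enabled: true, send_to: "+12223334444", sid: "ACconstructed", token: "constructed" } },
};
console.log(populatedSecrets(SAMPLE));
```

Calling auditConfigFile("simplert.json") from a pre-commit hook or CI step gives the same report for the real file; a non-empty secrets list is also the signal to keep that file out of version control.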
Note: Make sure you have set up your configuration file
Send a message to a Discord channel. send_to can be optional if it is specified in the configuration file under discord:send_to as the default, otherwise it needs to be passed in as the second argument
const simplert = require("simplert");
simplert.configure("simplert.json");
simplert.discord("some event"); //assuming discord:send_to is set in config file
simplert.discord("some other event", "general"); // send to a different channel
Send an email message. send_to, subject, send_from can be optional if defaults are set under email:gmail:* in the configuration file. Otherwise, they need to be passed as arguments to the function.
const simplert = require("simplert");
simplert.configure("simplert.json");
simplert.email("some event"); //assuming all key values are set under email:gmail:* in the config file
simplert.email("some other event", "email@example.com"); // send to a specific email
simplert.email("another event", "email@example.com", "Some Email Subject"); // set an email subject
simplert.email("and another event", "email@example.com", "Some Email Subject", "alias@example.com"); // set a send from alias if you use Gsuite
Send a message to a Slack channel or user. send_to can be optional if it is specified in the configuration file under slack:send_to as the default, otherwise it needs to be passed in as the second argument
const simplert = require("simplert");
simplert.configure("simplert.json");
simplert.slack("some event"); //assuming slack:send_to is set in config file
simplert.slack("some other event", "#general"); // send to a different channel
simplert.slack("some other event", "@johndoe"); // send to a different user
Send an SMS message. send_to, send_from can be optional if defaults are set under sms:twilio:* in the configuration file. Otherwise, they need to be passed as arguments to the function.
const simplert = require("simplert");
simplert.configure("simplert.json");
simplert.sms("some event"); //assuming sms:twilio:send_to and sms:twilio:send_from are set in config file
simplert.sms("some other event", "+12223334444"); // set a phone number to send to including country code
simplert.sms("another event", "+12223334444", "+15556667777"); // set a phone number to send from your Twilio account
npx generate-config
Generates a simplert configuration file. By default, all alerts will be set to disabled; you will need to manually configure the necessary values in this file before using simplert.
npx generate-gmail
This will generate an auth token and automatically populate the email:gmail:token value in your configuration file. This assumes that you have email:gmail:credentials set in your configuration file, which should be set to the content of the gmail-credentials.json file that was downloaded from Google Cloud Console when setting up a project.
Open an issue on the repo if you have other platforms you want to see supported
Please open an issue on the repo to report any bugs or suggest improvements, as I am sure there are some. I would consider this still in beta and not to be used in any critical production apps, but rather for personal projects where you just want some simple alerting.
FAQs
The npm package simplert receives a total of 0 weekly downloads. As such, simplert popularity was classified as not popular.
We found that simplert demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.