![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
socket.io-emitter
Advanced tools
Readme
socket.io-emitter
allows you to communicate with Socket.IO servers
easily from another Node.js process (server side).
The emitter is also available in other programming languages:
It must be used in conjunction with socket.io-redis.
The current version is compatible with both:
socket.io-redis@5
(socket.io@2
)socket.io-redis@6
(socket.io@3
)const io = require('socket.io-emitter')({ host: '127.0.0.1', port: 6379 });
setInterval(() => {
io.emit('time', new Date);
}, 5000);
// Different constructor options.
//1. Initialize with host:port string
const io = require('socket.io-emitter')("localhost:6379")
// 2. Initlize with host, port object.
const io = require('socket.io-emitter')({ host: '127.0.0.1', port: 6379 });
// 3. Can use other node_redis compatible client eg; ioredis.
const Redis = require("ioredis");
const redis = new Redis();
const io = require('socket.io-emitter')(redis);
// Make the emitter works with redis clustered environment.
const Cluster = new Redis.Cluster([
{
host: "localhost",
port: 6379
},
{
host: "localhost",
port: 6378
},
]);
const io = require('socket.io-emitter')(Cluster);
const io = require('socket.io-emitter')({ host: '127.0.0.1', port: 6379 });
// sending to all clients
io.emit('broadcast', /* ... */);
// sending to all clients in 'game' room
io.to('game').emit('new-game', /* ... */);
// sending to individual socketid (private message)
io.to(socketId).emit('private', /* ... */);
const nsp = io.of('/admin');
// sending to all clients in 'admin' namespace
nsp.emit('namespace', /* ... */);
// sending to all clients in 'admin' namespace and in 'notifications' room
nsp.to('notifications').emit('namespace', /* ... */);
Note: acknowledgements are not supported
Access the redis
to subscribe to its error
event:
const emitter = require('socket.io-emitter')("localhost:6379");
emitter.redis.on('error', (err) => {
console.log(err);
});
client
is a node_redis
compatible client that has been initialized with the return_buffers
option set to true
. This argument is optional.
The following options are allowed:
key
: the name of the key to pub/sub events on as prefix (socket.io
)host
: host to connect to redis on (localhost
)port
: port to connect to redis on (6379
)socket
: unix domain socket to connect to redis on ("/tmp/redis.sock"
)Same as above, but clientUri
is a string of the format host:port
to connect to redis to.
If you don't want to supply a redis client object, and want
socket.io-emitter
to intiialize one for you, make sure to supply the
host
and port
options.
Specifies a specific room
that you want to emit to.
Specifies a specific namespace that you want to emit to.
MIT
FAQs
Unknown package
We found that socket.io-emitter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.