Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
test-smtp-server
Advanced tools
The test-smtp-server package allows internal testing of projects needing an SMTP server.
Test SMTP Server is a lightweight wrapper for smtp-server. It is primarily intended for development and testing. The test code can start the server, run email tests and then validate the email contents. It can replace the use of external fake SMTP services which may have availablility issues.
All received emails are stored in an array in the order received. The emails may be viewed as raw data or a parsed object that is easily examined.
Tested on Node v16 with npm v7.
npm install test-smtp-server --save-dev
See test code for an example.
import { testSmtpServer } from "test-smtp-server";
(async (): Promise<void> => {
const smtpserver = new testSmtpServer();
await smtpserver.startServer(); // start listening
// send some emails capturing ids ..
messageId.push( await sendMail(email, smtpOptions));
// get emails in sent order
const mails = smtpserver.getEmails();
// validate/dump emails
if (mails.length) {
let entry = 0;
for (const mail of mails) {
console.log(`Checking mail entry <${entry}>`);
console.log(mail.envelope);
const parsed = await mail.getParsed();
if (parsed.messageId !== messageId[entry]) {
throw new Error(`Messageids do not match for email ${
entry} <${parsed.messageId}> <${messageId[entry]}>`);
}
console.log(parsed);
entry++;
}
} else {
throw new Error("No emails captured when expected");
}
await smtpserver.stopServer(); // terminate server
The server is started as secure but that may not be possible in the testing environment. If the server does not have a valid certificate, the connection will fail from the client side. Some clients (e.g. nodemailer/SMTP-Transport options) allow connections to non-secure servers. Node allows connections through an environment variable that turns off certificate authorization checking. See node_tls_reject_unauthorizedvalue for more information. This may be insecure if other ports are used.
This project is licensed under the MIT License - see the LICENSE file for details
FAQs
The test-smtp-server package allows internal testing of projects needing an SMTP server.
The npm package test-smtp-server receives a total of 74 weekly downloads. As such, test-smtp-server popularity was classified as not popular.
We found that test-smtp-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.