theprogrammablemind
This is the client for a server that processes natural language statements into JSON which can be paraphrased or acted upon. Instead of using a grammar-based parser, the server uses a generalized operator precedence parser.
A simple demo program can be run by installing this package and then running this command.
dev@devlaptop:~/temp/myProject$ node node_modules/theprogrammablemind/demo -q 'i went to the store' -d
This is the input
operators: [
  '((i) [went] ([to] (<the> store)))',
],
bridges: [
  {
    id: "the",
    level: 0,
    bridge: "{ ...after, determiner: 'the' }"
  },
  {
    id: "to",
    level: 0,
    bridge: "{ ...next(operator), after: after[0] }"
  },
  {
    id: "went",
    level: 0,
    generatorp: ({context, gp}) => `${gp(context.actor)} went to ${gp(context.place)}`,
    bridge: "{ action: 'go', marker: 'went', actor: before[0], place: after[0].after }"
  },
],
The 'operators' property is used to do two things: specify the priority of operators and the argument structure. The idea here is to give sample sentences that are marked up so a graph of priorities can be made. The '[]' or '<>' is used to mark operators. In a generalized operator precedence parser, the result of applying an operator can be another operator. The '[]' means there is a next level of the operator. The '<>' means there is not. The operators that this example defines are
Operator/Level  Arity
the/0           prefix operator
to/0            prefix operator
went/0          infix operator
The priorities defined in order of application are
the/0 > to/0 > went/0
'went' is defined as infix for this example, but defining it as a prefix operator that evaluates to a postfix operator would allow sentences such as "I went to the store bought a coffee and chips and jumped on the bus".
This works by combining contexts. Each context has a marker which indicates which operator it is. The bridge is used to specify how to combine contexts to get the next context. This abstraction supports multiple languages mapping ultimately to the same JSON. The basic components are
{
  "id": <id of the operator>,
  "level": <level of the operator>,
  "bridge": <how to calculate new context>
}
'after' is the arguments after the operator. 'before' is the arguments before the operator. 'operator' is the operator. They are all contexts. The '...' operator works like the spread operator in JS. 'next(operator)' will increment the level for the operator. 'squish()' will take the marker of the context and use that as a property name for the contexts. Here is an example. For this bridge
{
  "id": "went",
  "level": 0,
  "bridge": "{ ...squish(after[0]), ...next(operator) }"
}
and initial state
operator = { 'marker': went/0 }
after = [{
  'marker': to/0,
  'after': { 'marker': 'store', 'determiner': 'the' }
}]
the result is
{
  'marker': went/0,
  'to': {
    'marker': 'store',
    'determiner': 'the'
  }
}
If a request fails to process correctly, one of the main causes is operator ordering. The 'operators' definition is used to generate training data for the ordering neural net. Sometimes that is not enough. There is a 'priorities' property that can be used to supply additional training data. Priorities is a list of operators. The last operator is the preferred one. The logs show the order that operators were run in. If it is wrong, look for a message like
Context for choosing the operator ('wantMcDonalds', 0) was [('i', 0), ('wantMcDonalds', 0), ('aEnglish', 0), ('fromM', 0)]
In this case I wanted 'fromM' to apply before 'wantMcDonalds'. So I add this to the priorities array
[['i', 0], ['wantMcDonalds', 0], ['aEnglish', 0], ['fromM', 0]]
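The log-to-priorities step described above, as an added example that is not part of the package: `parseContextLog` and `prioritiesFromLog` are hypothetical helper names, and the log format is assumed to be exactly the one in the message shown above.

```javascript
// Added example, not part of theprogrammablemind. parseContextLog and
// prioritiesFromLog are hypothetical helpers; the log format is assumed to
// match the message quoted in the text above.

// Log line copied from the text above.
const SAMPLE_LOG =
  "Context for choosing the operator ('wantMcDonalds', 0) was " +
  "[('i', 0), ('wantMcDonalds', 0), ('aEnglish', 0), ('fromM', 0)]";

// Matches one ('id', level) pair as printed in the log.
const PAIR = /\('([^']+)',\s*(\d+)\)/g;

// Extract the chosen operator and the context list from one log line.
function parseContextLog(line) {
  const m = /^Context for choosing the operator (\(.+?\)) was \[(.*)\]$/
    .exec(line.trim());
  if (!m) return null; // not an operator-choice message
  const toPairs = (s) =>
    [...s.matchAll(PAIR)].map(([, id, lvl]) => [id, Number(lvl)]);
  const [chosen] = toPairs(m[1]);
  if (!chosen) return null;
  return { chosen, context: toPairs(m[2]) };
}

// Build a 'priorities' entry with the preferred operator placed last,
// because the last operator in the list is the preferred one.
function prioritiesFromLog(line, preferredId, preferredLevel = 0) {
  const parsed = parseContextLog(line);
  if (!parsed) throw new Error('not an operator-choice log line');
  const isPreferred = ([id, lvl]) =>
    id === preferredId && lvl === preferredLevel;
  const preferred = parsed.context.find(isPreferred);
  if (!preferred) {
    throw new Error(`${preferredId}/${preferredLevel} is not in the context`);
  }
  return [...parsed.context.filter((p) => !isPreferred(p)), preferred];
}

console.log(JSON.stringify(prioritiesFromLog(SAMPLE_LOG, 'fromM')));
```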
A generator is used to describe how to map JSON back to strings. This is an example
({ 'marker': 'tankConcept', 'number': { '>': 0 } }, '${number} ${word}')
The first part is a condition that is used to select the context. This example would match a context where the value of 'marker' equals 'tankConcept' and the property 'number' is a number greater than zero. The second part can access properties in the context and generate a string. Here it accesses the properties 'number' and 'word' to generate a string.
List the default generators first. For example, if you want English to be the default, list the generator for English first and the generators for other languages, with a language selector, later.
Videos with more details can be found at http://thinktelligence.com/kms (thinktelligence videos).
This is a list of statements that will be processed using the given definitions
FAQs
The npm package theprogrammablemind receives a total of 190 weekly downloads. As such, theprogrammablemind popularity was classified as not popular.
We found that theprogrammablemind demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.