![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
thsq-device-flasher
Advanced tools
Readme
thsq-device-flasher
is an interactive command line tool for automated flashing of hardware running the Thingsquare system.
This tool creates a set of device identities on the Thingsquare backend, produces binary flash images that corresponds to those device identities, and flashes those binary images to the devices. Before flashing each device, the tool reads out the EUI of the device and associates it with the device identity on the backend.
npm install -g thsq-device-flasher
Software installation requirements:
srfprog
or Uniflash
.Thingsquare configuration requirements:
.bin
) for the devices to be flashedthsq-device-flasher <options> <binfile>
Required options:
-u <token>
: API access tokenOptional options:
-b <backend>
: backend stack address (defaults to developer.thingsquare.com
)-f <frontend>
: product frontend ID (defaults to 0ac48bf3-9fab-4bad-8455-e394808eda6b
)-s <email addresses>
: comma separated list of users to automatically share new devices with-p <platform>
: platform name of newly created devices (defaults to thsq-device-flasher
)-P <picture>
: a path to a custom device icon-t <flasher tool>
: srfprog or uniflash-T <Uniflash path>
: full path including Uniflash executableWhen run, the tool asks how to flash the new device. Type a letter and press return. The possible options are:
[number]
: pre-invite device to an existing network designated by the number typedu
: flash the device as unbonded, ready to be invited into a networkn
: generate a new network ID for the new device (useful for access points)r
: reflash the connected device with the same identity as it was previously flashed with$ thsq-device-flasher -u 1234abcd1234abcd1234abcd tjo.bin
OK: binfile tjo.bin, md5: d41d8cd98f00b204e9800998ecf8427e
OK: located srfprog utility in path
Logging in...
OK: logged in as user tjo@thingsquare.com
-----------------------------------------------
Found 2 networks:
* 1: xid cf7b44cb6faf7e45 with 2 devices e.g. Elis gw
* 2: xid b6e24a2675b543b3 with 101 devices e.g. t904
Menu options:
1-2 : generate and flash devices in given network
n: generate and flash device in new network
s: erase and read MAC of connected device
l: list existing devices
h: show this message
q: quit
FAQs
Thingsquare device flash utility
The npm package thsq-device-flasher receives a total of 5 weekly downloads. As such, thsq-device-flasher popularity was classified as not popular.
We found that thsq-device-flasher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.