Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
This module exists to facilitate the `t.match()` method in [`tap`](http://npm.im/tap).
This module exists to facilitate the t.match()
method in
tap
.
It checks whether a value matches a given "pattern". A pattern is an object with a set of fields that must be in the test object, or a regular expression that a test string must match, or any combination thereof.
The algorithm is borrowed heavily from
only-shallow
, with some notable
differences with respect to the handling of missing properties and the
way that regular expressions are compared to strings.
var matches = require('tmatch')
if (!matches(testObject, pattern)) console.log("yay! diversity!");
// somewhat more realistic example..
http.get(someUrl).on('response', function (res) {
var expect = {
statusCode: 200,
headers: {
server: /express/
}
}
if (!tmatch(res, expect)) {
throw new Error('Expect 200 status code from express server')
}
})
Copied from the source, here are the details of tmatch
's algorithm:
null
against undefined
, and avoids some stuff like 1 == [1]
.pattern.test(object)
, casting the object to a string if it is not
already a string.Set
, then return true if all the keys in
pattern
appear in object
.Map
, then return true if all the keys in
pattern
are in object
, and the values match as well.arguments
object, or the pattern is an
arguments
object, then cast them to arrays and compare their
contents.Buffer
constructor, then return true if
the object is a Buffer.Function
constructor, then return true if
the object is a function.instanceof
the pattern.undefined
, so it's possible to use {foo:null}
as a pattern
to ensure that the object doesn't have a foo
property.ISC. Go nuts.
FAQs
This module exists to facilitate the `t.match()` method in [`tap`](http://npm.im/tap).
The npm package tmatch receives a total of 139,863 weekly downloads. As such, tmatch popularity was classified as popular.
We found that tmatch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.