Security News
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.
By Sarah Gooding - Feb 14, 2026
Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details →
uncork
SSH-over-HTTPS proxy that works like Unix corkscrew.
Install
Run npm install uncork -g to install uncork globally.
Run
Before running
uncork, make sure your proxy is set in environment variable as eitherHTTPS_PROXYorHTTP_PROXY.
Run uncork 22 ssh.github.com:443 to start uncork server on port 22 and forward to ssh.github.com:443.
SSH-over-HTTPS proxy 1.0.0
- Listening on port 22
- Will connect to HTTPS proxy at 127.0.0.1:8888
- Will tunnel traffic to destination at ssh.github.com:443
If your proxy server requires authentication, you can run uncork 22 ssh.github.com:443 johndoe P@ssw0rd to start uncork server with BASIC authentication.
Options via environment variables
You can also set options thru environment variables listed below.
| Environment variable | Description | Default |
|---|---|---|
uncork_destination | Destination hostname and port | ssh.github.com:443 |
uncork_port | Port number to listen to | 22 |
uncork_proxy_username | Username for proxy BASIC authentication | |
uncork_proxy_password | Password for proxy BASIC authentication |
How we use uncork
At our customer site, their Windows boxes are shared and locked behind firewall with HTTPS proxy. We want to use Git client to read/write to GitHub via SSH. We prefer SSH because we can use deploy keys to limit access to our repositories.
Our requirements:
- Use GitHub deploy keys, which is SSH only
- Work thru their HTTPS proxy
- Only allow traffic to external servers on port 443
- Requires authentication, supports both BASIC and NTLM
- Unzip to install
- Do not require administrative privileges
- Minimal footprint
Fortunately, GitHub has a SSH server setup on port 443 instead of 22, described in this article.
Assume our repository is setup with SSH deploy generated by puttygen.
On the Windows box:
- Install PuTTY suite, with
plinkandpageant - Setup environment variable
GIT_SSHand point toplink.exe- Run
SETX GIT_SSH <path to plink.exe>
- Run
- Load the deploy key
- Run
pageant
- Run
- Install and run
uncork- Run
npm install uncork -g - Run
uncork 22 ssh.github.com:443
- Run
- Clone the repository
- Run
git clone git@localhost/org/reponame.git
- Run
Although some steps mentioned above requires administrative privileges, we actually build a ZIP file to contain all installed components mentioned.
Contribution
Like us? Star us.
Found a bug? File us an issue.
FAQs
SSH-over-HTTPS proxy that works like Unix "corkscrew"
The npm package uncork receives a total of 2 weekly downloads. As such, uncork popularity was classified as not popular.
We found that uncork demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Mar 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds
Chrome extension CL Suite by @CLMasters neutralizes 2FA for Facebook and Meta Business accounts while exfiltrating Business Manager contact and analytics data.
By Kirill Boychenko - Feb 13, 2026
Security News
AI Agent Submits PR to Matplotlib, Publishes Angry Blog Post After Rejection
After Matplotlib rejected an AI-written PR, the agent fired back with a blog post, igniting debate over AI contributions and maintainer burden.
By Sarah Gooding - Feb 12, 2026