warehouse.ai-status-api
Status and build logs management for the warehouse system
There are a handful of pieces to the warehouse system that all perform different tasks. For building we have carpenterd, carpenterd-worker and eventually carpenter-installer to handle the different layers of the build process. The responsibility of the warehouse.ai-status-api is to receive the events from these services over NSQ and create database records to track the status of a given build. In the future we may also hook in some generic webhooks based on these events or integrate with a notification dispatcher of some kind.
npm install warehouse.ai-status-api --save
Write your own wrapper and pull in the slay application that can reference a config directory in your folder.
const path = require('path');
const StatusApi = require('warehouse.ai-status-api').App;

// Directory that contains the `config` directory you want to use for config
// files for this server.
const root = path.join(__dirname, '..');
const status = new StatusApi(root);

// Start the server; log the error and exit non-zero if startup fails.
status.start(err => {
  if (err) return status.log.error(err), process.exit(1);
  const port = status.servers.http.address().port;
  status.log.info('Warehouse.ai-status-api started on port %d', port);
});
By default the Warehouse.ai status API runs as a service over http and has no authentication in place. Set up the configuration so that Slay uses https and authentication middleware, for example authboot. Store API keys and tokens in an encrypted config with whisper.json.
The service exposes the following routes.
GET /status/:pkg/:env # Get build status for HEAD
GET /status/:pkg/:env/:version # Get build status for version
GET /status-events/:pkg/:env/ # Get status events for HEAD
GET /status-events/:pkg/:env/:version # Get status events for version
GET /progress/:pkg/:env/ # Get build progress for HEAD
GET /progress/:pkg/:env/:version # Get build progress for version
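The paragraph on the default configuration says the service ships with no authentication and should sit behind https plus authentication middleware. The following is an added example, not code from warehouse.ai-status-api, slay or authboot: a generic Express-style `(req, res, next)` middleware that fails closed, refuses plaintext requests and compares bearer keys in constant time. The names `requireApiKey`, `sameToken`, `deny` and `simulate` and the sample key are hypothetical, and the request and response objects in `simulate` are constructed doubles.

```javascript
const crypto = require('crypto');

// Hash both sides so timingSafeEqual always compares equal-length buffers.
function sameToken(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Write a small JSON error and end the response.
function deny(res, code, message) {
  res.statusCode = code;
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ error: message }));
}

// Hypothetical helper: returns middleware that guards every route.
// `apiKeys` is loaded by the caller from its encrypted config.
function requireApiKey(apiKeys, { requireTls = true } = {}) {
  if (!Array.isArray(apiKeys) || apiKeys.length === 0) {
    // Fail closed: an empty key list must never mean "allow everyone".
    throw new Error('refusing to start with an empty API key list');
  }
  return function (req, res, next) {
    // Reject plaintext so keys are never accepted over http.
    if (requireTls && !(req.socket && req.socket.encrypted)) {
      return deny(res, 403, 'https required');
    }
    const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
    // Check every key (no early exit) so timing does not reveal which matched.
    let ok = false;
    if (m) for (const k of apiKeys) ok = sameToken(m[1], k) || ok;
    return ok ? next() : deny(res, 401, 'valid API key required');
  };
}

// Constructed request/response doubles so the middleware runs offline.
function simulate(mw, { url, authorization, encrypted = true }) {
  const res = { statusCode: 200, setHeader() {}, end() {} };
  const headers = authorization ? { authorization } : {};
  const req = { url, headers, socket: { encrypted } };
  let passed = false;
  mw(req, res, () => { passed = true; });
  return { passed, status: res.statusCode };
}
```

If TLS is terminated by a proxy in front of the service, `req.socket.encrypted` is false for every request, so the TLS check has to move to the proxy and `requireTls` be set to `false`.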
Before running tests, spin up an instance of localstack by running
npm run localstack
Then run:
npm test
FAQs
We found that warehouse.ai-status-api demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.