Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
wickrio-broadcast-bot
Advanced tools
To get started, you would need to setup your system, download and install Docker and run the WickrIO Docker container. Full instructions on how to do so are available here: https://wickrinc.github.io/wickrio-docs/#wickr-io-getting-started
Wickr IO integrations are configured by running the configure.sh file,
Required tokens:
In the package.json make sure the wickrio-bot-api is at least 5.79.X
Make sure the test script in the package.json is as follows "nyc --reporter=text-summary --reporter=text mocha test", this will be the default test script that will be run with the ./test.sh (if you pass in no arguments)
The following modules were used to do testing with code coverage: nyc mocha @istanbuljs/nyc-config-babel babel-plugin-istanbul
Make sure these modules are installed.
In the babel section of the package.json make sure that "sourceMaps" is set to true, and that "istanbul" is added to all the plugins lists.
In the nyc section of the package.json the following should be present: "all": true, "sourceMap": false, "instrument": false, "extends": "@istanbuljs/nyc-config-babel",
These settings will allow nyc to use code that was instrumented through babel using @istanbuljs/nyc-config-babel.
When you do "npm run build" the files in the build directory will be created. The files in the build directory are used during testing and code coverage. (If the build directory doesn't exist at the the time of running "./test.sh", the build directory will be created automatically)
Any tests you plan on running should be located in the "tests" directory, any tests you add must be using modules from the build directory. For example if you want to make tests for help.js make sure your require statement looks like the following: const Help = require('../build/commands/help')
The information used to setup the testing environment was found at the following links:
https://www.npmjs.com/package/@istanbuljs/nyc-config-babel https://github.com/istanbuljs/babel-plugin-istanbul
Unit tests are found in the tests directory. They are made using the mocha npm module. nyc is also used to collect code coverage on these tests.
To run the tests with code-coverage simply use the test.sh script. By default if you run ./test.sh with no arguments a test summary and a detailed report will be outputted to the screen. Otherwise, if you input arguments that are valid reporters used by nyc then the report will be generated using those chosen reporters. For example if you use the argument "json" the following script will be run: "nyc --reporter=json mocha test" Reporter choices can be found here https://istanbul.js.org/docs/advanced/alternative-reporters/
If build files are not present at the time of running ./test.sh, npm run build will be run to create those files so they can be tested.
The test.sh script can be found in the root directory of the broadcast-bot repo.
This software is distributed under the Apache License, version 2.0
Copyright 2021 Wickr, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
FAQs
WickrIO Broadcast Bot
The npm package wickrio-broadcast-bot receives a total of 2 weekly downloads. As such, wickrio-broadcast-bot popularity was classified as not popular.
We found that wickrio-broadcast-bot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.