Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The winreg npm package is a Node.js library for accessing and manipulating the Windows Registry. It allows you to read, write, and delete registry keys and values, making it useful for applications that need to interact with the Windows operating system at a low level.
Read a registry key
This feature allows you to read a value from a specified registry key. The code sample demonstrates how to read a value named 'MyValue' from the 'HKEY_CURRENT_USER\Software\MyApp' key.
const Winreg = require('winreg');
const regKey = new Winreg({
  hive: Winreg.HKCU, // HKEY_CURRENT_USER
  key: '\\Software\\MyApp' // backslashes must be escaped in a JavaScript string literal
});
// Read the value named 'MyValue' from the key
regKey.get('MyValue', (err, item) => {
  if (err) console.log('Error:', err);
  else console.log('Value:', item.value);
});
Write a registry key
This feature allows you to write a value to a specified registry key. The code sample demonstrates how to set a string value named 'MyValue' with the data 'MyData' in the 'HKEY_CURRENT_USER\Software\MyApp' key.
const Winreg = require('winreg');
const regKey = new Winreg({
  hive: Winreg.HKCU, // HKEY_CURRENT_USER
  key: '\\Software\\MyApp' // backslashes must be escaped in a JavaScript string literal
});
// Write the string value 'MyValue' with the data 'MyData'
regKey.set('MyValue', Winreg.REG_SZ, 'MyData', (err) => {
  if (err) console.log('Error:', err);
  else console.log('Value written successfully');
});
Delete a registry key
This feature allows you to delete a value from a specified registry key. The code sample demonstrates how to remove a value named 'MyValue' from the 'HKEY_CURRENT_USER\Software\MyApp' key.
const Winreg = require('winreg');
const regKey = new Winreg({
  hive: Winreg.HKCU, // HKEY_CURRENT_USER
  key: '\\Software\\MyApp' // backslashes must be escaped in a JavaScript string literal
});
// Remove the value named 'MyValue' from the key
regKey.remove('MyValue', (err) => {
  if (err) console.log('Error:', err);
  else console.log('Value removed successfully');
});
The windows-registry package is another alternative for interacting with the Windows Registry from Node.js. It provides basic functionality for reading and writing registry keys and values. While it is similar to winreg, it may not be as feature-rich or actively maintained.
node module that provides access to the Windows Registry through the REG commandline tool
The following command installs node-winreg.
npm install winreg
If you prefer to install without the development tools used to generate the HTML documentation (into a production environment for example) you should use the following command.
npm install winreg --production
Note that the development dependencies will not be installed if this package was installed as a dependency of another package.
The documentation is generated using jsdoc with the docstrap template. You can view the API documentation online, download the latest documentation or generate it from the sourcecode.
View the latest docs online.
To download the latest docs from GIT the following command is used.
npm run-script download-docs
To generate the docs from the sources you can use the following command.
npm run-script generate-docs
Note that generating the docs requires the development dependencies to be installed.
Let's start with an example. The code below lists the autostart programs of the current user.
var Registry = require('winreg')
,   regKey = new Registry({                                       // new operator is optional
      hive: Registry.HKCU,                                        // open registry hive HKEY_CURRENT_USER
      key:  '\\Software\\Microsoft\\Windows\\CurrentVersion\\Run' // key containing autostart programs
    })

// list autostart programs
regKey.values(function (err, items /* array of RegistryItem */) {
  if (err)
    console.log('ERROR: '+err);
  else
    for (var i=0; i<items.length; i++)
      console.log('ITEM: '+items[i].name+'\t'+items[i].type+'\t'+items[i].value);
});
Since Windows Vista access to certain Registry Hives (HKEY_LOCAL_MACHINE or short HKLM for example) is restricted to processes that run in a security elevated context even if the user that starts the process is an admin. You can start a console within that context by right clicking the console shortcut and selecting the item with the shield icon called "Run as administrator" from the context menu.
Under some rare circumstances access to Registry Hives or particular keys may also be blocked by some antivirus programs or the Windows Group Policy Editor (google for gpedit.msc).
You can also use the regedit.exe tool shipped with Windows to check if you actually have access.
The Microsoft Windows console isn't capable of handling UTF-8 encoded text unless you set it up properly. If you see weird question marks for certain characters, it's probably a problem with the encoding.
By default the console is set up to use an encoding that suits the language of the Windows operating system installation. Windows uses codepages to specify encodings for the console. The codepage is a unique number which is assigned to each encoding.
If you want to query the currently selected codepage you can type the command chcp (w/o parameters). To set a new codepage (UTF-8 for this example) you pass the codepage number as the only argument to chcp. The codepage value for UTF-8 is 65001.
You can easily do this from within your nodejs script by using the child_process.execSync(...) function like the following example shows.
var execSync = require('child_process').execSync;
console.log(execSync('chcp').toString());
console.log(execSync('chcp 65001').toString());
An even better approach would be to extract and store the value returned by a call to chcp prior to setting the console to UTF-8, and to reset the codepage after your script is done.
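One way to implement the save-and-restore approach described above, as an added example that is not part of the winreg project. The helper names parseCodepage and withUtf8Console and the injectable run parameter are assumptions made for illustration, and the sample chcp output is constructed.

```javascript
const { execSync } = require('child_process');

// Extract the numeric codepage from chcp output. The label text is localized
// ("Active code page: 437", "Aktive Codepage: 850."), so match only the digits.
function parseCodepage(output) {
  const match = /(\d+)\D*$/.exec(String(output));
  if (!match) throw new Error('Unrecognized chcp output: ' + output);
  return Number(match[1]);
}

// Run fn with the console set to UTF-8 (65001), then restore the previous
// codepage even if fn throws. run is injectable so the logic can be exercised
// without a Windows console; it defaults to child_process.execSync.
function withUtf8Console(fn, run = execSync) {
  const previous = parseCodepage(run('chcp'));
  if (previous !== 65001) run('chcp 65001');
  try {
    return fn();
  } finally {
    if (previous !== 65001) run('chcp ' + previous);
  }
}

// Constructed demonstration: a fake runner stands in for the Windows console.
function demo() {
  const calls = [];
  const fakeRun = (cmd) => {
    calls.push(cmd);
    return Buffer.from('Active code page: 850\r\n');
  };
  const result = withUtf8Console(() => 'done', fakeRun);
  return { calls, result };
}

console.log(demo());
```

On Windows, call withUtf8Console with only the callback so that the real chcp command is used.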
This project is released under BSD 2-Clause License.
Copyright (c) 2016, Paul Bottin All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
provides access to the windows registry through the REG tool
The npm package winreg receives a total of 215,929 weekly downloads. As such, winreg popularity was classified as popular.
We found that winreg demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.