Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
The Alerta monitoring tool was developed with the following aims in mind:
Release 9 only supports Python 3.9 or higher.
The only mandatory dependency is MongoDB or PostgreSQL. Everything else is optional.
To install MongoDB on Debian/Ubuntu run:
$ sudo apt-get install -y mongodb-org
$ mongod
To install MongoDB on CentOS/RHEL run:
$ sudo yum install -y mongodb
$ mongod
To install the Alerta server and client run:
$ pip install alerta-server alerta
$ alertad run
To install the web console run:
$ wget https://github.com/alerta/alerta-webui/releases/latest/download/alerta-webui.tar.gz
$ tar zxvf alerta-webui.tar.gz
$ cd dist
$ python3 -m http.server 8000
>> browse to http://localhost:8000
Alerta and MongoDB can also run using Docker containers, see alerta/docker-alerta.
To configure the alertad
server override the default settings in /etc/alertad.conf
or using ALERTA_SVR_CONF_FILE
environment variable::
$ ALERTA_SVR_CONF_FILE=~/.alertad.conf
$ echo "DEBUG=True" > $ALERTA_SVR_CONF_FILE
More information on configuration and other aspects of alerta can be found at http://docs.alerta.io
To run in development mode, listening on port 5000:
$ export FLASK_APP=alerta FLASK_DEBUG=1
$ pip install -e .
$ flask run
To run in development mode, listening on port 8080, using Postgres and reporting errors to Sentry:
$ export FLASK_APP=alerta FLASK_DEBUG=1
$ export DATABASE_URL=postgres://localhost:5432/alerta5
$ export SENTRY_DSN=https://8b56098250544fb78b9578d8af2a7e13:fa9d628da9c4459c922293db72a3203f@sentry.io/153768
$ pip install -e .[postgres]
$ flask run --debugger --port 8080 --with-threads --reload
Enable debug log output by setting DEBUG=True
in the API server
configuration:
DEBUG=True
LOG_HANDLERS = ['console','file']
LOG_FORMAT = 'verbose'
LOG_FILE = '$HOME/alertad.log'
It can also be helpful to check the web browser developer console for JavaScript logging, network problems and API error responses.
To run the all the tests there must be a local Postgres and MongoDB database running. Then run:
$ TOXENV=ALL make test
To just run the Postgres or MongoDB tests run:
$ TOXENV=postgres make test
$ TOXENV=mongodb make test
To run a single test run something like:
$ TOXENV="mongodb -- tests/test_search.py::QueryParserTestCase::test_boolean_operators" make test
$ TOXENV="postgres -- tests/test_queryparser.py::PostgresQueryTestCase::test_boolean_operators" make test
Alerta can be deployed to the cloud easily using Heroku https://github.com/alerta/heroku-api-alerta, AWS EC2 https://github.com/alerta/alerta-cloudformation, or Google Cloud Platform https://github.com/alerta/gcloud-api-alerta
Alerta monitoring system and console
Copyright 2012-2023 Nick Satterly
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
FAQs
Alerta server WSGI application
We found that alerta-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.