This is a fork of the original httpbin project, which is located at https://github.com/postmanlabs/httpbin
Why fork? We were unable to get ahold of the folks at postmanlabs to maintain the original project, and httpbin is used by other packages within the Python ecosystem, such as pytest-httpbin, which is in turn used by packages such as requests, so we have forked this package. That means that httpbin.org is not actually backed by this repo, but the httpbin package is. Confusing, right? Know anyone at postmanlabs? Get in touch.
httpbin is a Kenneth Reitz Project.
docker pull ghcr.io/psf/httpbin
docker run -p 80:8080 ghcr.io/psf/httpbin
httpbin as a Library
httpbin can be used as a dependency in your own projects by simply adding httpbin as a dependency.
To build the Docker image yourself, download the latest Dockerfile and requirements.txt files from the release page. Store both files in the same folder and run:
docker build --build-arg APP_VERSION=<your-version> [other docker args] .
Here, APP_VERSION will be stored in a docker-label. The default value is an empty-string.
Alternatively, you can re-generate a new requirements.txt file using pip-compile. In that case, be aware that the code has not been tested against those dependencies and we cannot guarantee that such an image will run without errors.
The project provides two "extras" which contain dependencies that should only be installed for specific use-cases. They will not be included when using httpbin as a dependency, unless they are explicitly requested, like httpbin[mainapp].
mainapp: Includes everything needed to run httpbin as a standalone app. This is used by the docker image.
test: Includes additional dependencies for unit-testing. This is only used during development.
Releases (both docker and pypi) are automated via GitHub Actions (See #17).
For pypi releases, the project uses trusted-publishing via the official GitHub action.
For releases on docker-hub (when enabled in the CI), the following two secrets are required:
DOCKERHUB_USERNAME
DOCKERHUB_TOKEN
Releases are triggered on commits tagged with release- (for example release-0.10.0).
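The release flow described above, sketched as a GitHub Actions workflow. This is an added example, not the project's own workflow file; the action names and versions, the pypi environment name, the three-part version pattern and the example-org/httpbin repository are assumptions.

```yaml
# Added example: a hypothetical release workflow, not the project's own file.
name: release
on:
  push:
    tags:
      - "release-*"              # e.g. release-0.10.0
permissions:
  contents: read                 # workflow-wide default; jobs widen it only where needed
jobs:
  pypi:
    runs-on: ubuntu-latest
    environment: pypi            # assumed name; must match the trusted-publisher entry on PyPI
    permissions:
      contents: read
      id-token: write            # OIDC token that PyPI exchanges for a short-lived upload token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      # No username/password inputs: the action authenticates via trusted publishing.
      - uses: pypa/gh-action-pypi-publish@release/v1
  dockerhub:                     # only when Docker Hub releases are enabled
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Derive and validate version from the tag
        id: ver
        # Read the tag from the environment instead of interpolating it into the script.
        run: |
          v="${GITHUB_REF_NAME#release-}"
          printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || exit 1
          echo "version=$v" >> "$GITHUB_OUTPUT"
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          build-args: APP_VERSION=${{ steps.ver.outputs.version }}
          # Placeholder repository name, not taken from the page.
          tags: example-org/httpbin:${{ steps.ver.outputs.version }}
```

Only the Docker Hub job holds long-lived credentials; the PyPI job needs no stored secret, so scoping id-token: write to that job alone keeps the OIDC capability away from steps that do not publish.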
FAQs
HTTP Request and Response Service
We found that httpbin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.