> [!WARNING]
> This can break your system. Don't use it on your running system.

A Ruby API to manage the state of an Arch Linux system.

The project is a Ruby gem. Create a Ruby file and require the gem:
```ruby
require 'bundler/inline'

gemfile do
  source "https://rubygems.org"
  gem "archlinux", github: "emad-elsaid/archlinux"
end
```
Use the `linux` function to define your system state, for example:
```ruby
linux do
  hostname 'earth'

  timedate timezone: 'Europe/Berlin',
           ntp: true

  locale "en_US.UTF-8"

  keyboard keymap: 'us',
           layout: "us,ara",
           model: "",
           variant: "",
           options: "ctrl:nocaps,caps:lctrl,ctrl:swap_lalt_lctl,grp:alt_space_toggle"

  package %w[
    linux
    linux-firmware
    linux-headers
    base
    base-devel
    bash-completion
    pacman-contrib
    docker
    locate
    syncthing
  ]

  service %w[
    docker
    NetworkManager
  ]

  timer 'plocate-updatedb'

  user 'smith', groups: ['wheel', 'docker'] do
    aur %w[
      kernel-install-mkinitcpio
      google-chrome
    ]

    service %w[
      ssh-agent
      syncthing
    ]

    copy './user/.config/.', '/home/smith/.config'
  end

  firewall :syncthing

  on_finalize do
    sudo 'bootctl install'
    sudo 'reinstall-kernels'
  end

  file '/etc/X11/xorg.conf.d/40-touchpad.conf', <<~EOT
    Section "InputClass"
    Identifier "libinput touchpad catchall"
    MatchIsTouchpad "on"
    MatchDevicePath "/dev/input/event*"
    Driver "libinput"
    Option "Tapping" "on"
    Option "NaturalScrolling" "true"
    EndSection
  EOT

  replace '/etc/mkinitcpio.conf', /^(.*)base udev(.*)$/, '\1systemd\2'
end
```
Now you can run the script with Ruby as root:

```sh
sudo ruby <script-name.rb>
```
It will do the following:
Functions the user runs to declare the state of the system, such as the packages to be present, files, services, users, groups, etc.

Methods for logging and small predicates. Technically, any Ruby method is a utility: calling it executes the code directly instead of declaring a state.
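One way to see what a configuration declares before running it with `sudo`, as an added example that is not the gem's own code and does not load the gem: a hypothetical `PlanRecorder` receives the DSL names used on this page and records each call instead of applying it. `PlanRecorder`, `review_plan`, `steps_to_review` and the `REVIEW` list are assumptions made for this illustration.

```ruby
# Added example: NOT the archlinux gem. A stand-in receiver that records DSL
# calls instead of applying them, so a config can be reviewed unprivileged.
class PlanRecorder
  # Assumption: which of the page's calls deserve manual review before a root run.
  REVIEW = %i[sudo replace file copy].freeze

  attr_reader :steps

  def initialize(scope = 'system')
    @scope = scope
    @steps = []
  end

  # Any undefined method (hostname, package, user, ...) lands here and is logged.
  def method_missing(name, *args, **opts, &block)
    @steps << { scope: @scope, call: name, args: args, opts: opts }
    return unless block

    # Walk nested blocks (user ... do, on_finalize do) with a child recorder.
    child = PlanRecorder.new("#{@scope}/#{[name, args.first].compact.join(':')}")
    child.instance_eval(&block)
    @steps.concat(child.steps)
    nil
  end
end

def review_plan(&block)
  recorder = PlanRecorder.new
  recorder.instance_eval(&block)
  recorder.steps
end

def steps_to_review(steps)
  steps.select { |s| PlanRecorder::REVIEW.include?(s[:call]) }
end

# Constructed sample: a subset of the configuration shown above.
SAMPLE_STEPS = review_plan do
  hostname 'earth'
  package %w[docker syncthing]
  user 'smith', groups: %w[wheel docker] do
    service %w[ssh-agent syncthing]
    copy './user/.config/.', '/home/smith/.config'
  end
  on_finalize { sudo 'bootctl install' }
  replace '/etc/mkinitcpio.conf', /^(.*)base udev(.*)$/, '\1systemd\2'
end

steps_to_review(SAMPLE_STEPS).each { |s| puts "#{s[:scope]}: #{s[:call]} #{s[:args].inspect}" }
```

Only undefined DSL names are intercepted; ordinary Ruby inside the block (for example `system` or `File.write`) still executes, so run the recorder as an unprivileged user.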
We found that archlinux demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.