Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Dropbox Core SDK for Ruby
A Ruby library that for Dropbox's HTTP-based Core API.
https://www.dropbox.com/developers/core/docs
Setup
You can install this package using 'gem':
Getting a Dropbox API key
You need a Dropbox API key to make API requests.
Using the Dropbox API
Full documentation: https://www.dropbox.com/developers/core/
Before your app can access a Dropbox user's files, the user must authorize your application using OAuth 2. Successfully completing this authorization flow gives you an "access token" for the user's Dropbox account, which grants you the ability to make Dropbox API calls to access their files.
Once you have an access token, create a DropboxClient instance and start making API calls.
You only need to perform the authorization process once per user. Once you have an access token for a user, save it somewhere persistent, like in a database. The next time that user visits your app, you can skip the authorization process and go straight to making API calls.
Running the Examples
There are example programs included in the tarball. Before you can run an example, you need to edit the ".rb" file and put your Dropbox API app key and secret in the "APP_KEY" and "APP_SECRET" constants.
Running the Tests
FAQs
Unknown package
We found that dropbox-sdk-sv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.