Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
= Clarity
== DESCRIPTION:
Clarity - a log search tool By John Tajima & Tobi Lütke
Clarity is a Splunk like web interface for your server log files. It supports searching (using grep) as well as trailing log files in realtime. It has been written using the event based architecture based on EventMachine and so allows real-time search of very large log files. If you hit the browser Stop button it will also kill the grep / tail utility.
We wrote Clarity to allow our support staff to use a simple interface to look through the various log files in our server farm. The application was such a big success internally that we decided to release it as open source.
== SECURITY:
Warning: Clarity takes parameters from URLs and runs them in the shell. This is essentially the most insecure thing imaginable. You have to make absolutley sure that clarity isn't reachable by the outside world. At the very least use --username and --password to put some protection on it.
== USAGE:
clarity --username=admin --password=secret --port=8989 /var/log
== COMMANDLINE:
Specific options:
-f, --config=FILE Config file (yml)
-p, --port=PORT Port to listen on
-b, --address=ADDRESS Address to bind to (default 0.0.0.0)
--include=MASK File mask of logs to add (default: **/.log)
--user=USER User to run as
Password protection:
--username=USER Enable httpauth username
--password=PASS Enable httpauth password
Misc:
-h, --help Show this message.
== SCREENSHOT:
http://img.skitch.com/20091104-je9kq1a2gfr586ia8y246bq4n8.png
== REQUIREMENTS:
== INSTALL:
== LICENSE:
(The MIT License)
Copyright (c) 2009 Tobias Lütke
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OT
FAQs
Unknown package
We found that edouard-clarity demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.