A sane and tidy way to manage files in the cloud.
Floccus prefixes filenames with a unique hash based on the contents of the file, then drops them at your cloud root where they're publicly accessible.
This removes the need to keep track of filenames and paths, or to wonder whether a certain file is already in your cloud but not readily discoverable. Since the hashing mechanism is standard, it's easy to query the cloud for an existing file, even one named differently, if you have a local copy.
$ gem install floccus
Create the file ~/.floccfg with your AWS keys and default bucket.
# Floccfg
access_key_id: 'aws-key' # required, your AWS Access ID
secret_access_key: 'aws-secret' # required, your AWS Secret Key
default_bucket: 'default-bucket' # required, the bucket to place files in
domain: 'cdn.my-cloud.com' # optional, returns the file hosted at this domain root, instead of S3
$ floc image.jpg
-> public URL: http://cdn.my-cloud.com/24894781b632f6b3e805dae60e2d8c46-image.jpg
The public URL is also copied to your clipboard.
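An added example, not part of the floccus code base: the content-hash naming described above, and the lookup of a file that is already in the bucket under a different name. It assumes the prefix is an MD5 hex digest (the page only calls the hash "standard"; the sample URL's prefix is 32 hex characters), and `bucket_keys` is a hypothetical stand-in for an S3 object listing.

```ruby
require 'digest'
require 'tempfile'

# Assumption: the prefix is the MD5 hex digest of the file contents.
def content_prefix(path)
  Digest::MD5.file(path).hexdigest
end

# Key layout shown on the page: "<hash>-<original filename>" at the bucket root.
def cloud_key(path)
  "#{content_prefix(path)}-#{File.basename(path)}"
end

# Return every bucket key whose prefix matches the local file's contents,
# whatever name it was uploaded under. `bucket_keys` is a hypothetical
# stand-in for the keys returned by listing the bucket.
# A matching prefix only identifies content; it is not an access control,
# since the page states the objects are publicly accessible.
def find_existing(bucket_keys, path)
  prefix = "#{content_prefix(path)}-"
  bucket_keys.select { |key| key.start_with?(prefix) }
end

# Constructed demo: the same bytes saved locally under a different name.
def demo
  Tempfile.create(['renamed-copy', '.jpg']) do |f|
    f.binmode
    f.write('constructed sample bytes')
    f.flush
    digest = Digest::MD5.hexdigest('constructed sample bytes')
    # Constructed listing: one object with the same content, one unrelated.
    listing = ["#{digest}-image.jpg", "#{'0' * 32}-other.png"]
    { key: cloud_key(f.path), matches: find_existing(listing, f.path), digest: digest }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts "upload key: #{result[:key]}"
  puts "already in cloud as: #{result[:matches].inspect}"
end
```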
ls feature for checking for an existing file
git checkout -b my-new-feature
git commit -am 'Added some feature'
git push origin my-new-feature
'Floccus' is a type of cirrus cloud that resembles the pattern above: http://en.wikipedia.org/wiki/Cirrus_floccus. It's a cloud that rises high in the atmosphere, hence the high level API.
MIT License
Copyright (C) 2013 Owen Bossola, http://owenbossola.com
FAQs
We found that floccus demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.