
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
JsChat is a chat system. It has an easy to learn JSON protocol, an ncurses client, a web app, and a server. You can try it right now on "jschat.org":http://jschat.org.
JsChat is similar to IRC, but it's a fundamentally simpler system.
The web app has lots of interesting features:
!http://dl.getdropbox.com/u/221414/blogs/jschat.png!
h3. Installation
You can install with rubygems:
gem install jschat
Then run jschat-server
and jschat-client
to try out the console client locally.
To try out the web client, run jschat-web
and visit "http://localhost:4567":http://localhost:4567.
h3. Ruby Library Requirements
These gems are required by JsChat:
h3. Usage
The web app must be run alongside the server. The web app must be started in production mode:
http/jschat.rb -e production
The web app currently has no database dependencies, it's a wrapper that links cookies to JsChat server proxies. You can run it on port 80 by configuring Rack or an Apache proxy. I have Apache set up this way on "jschat.org":http://jschat.org.
h3. Configuration Files
These are the default locations of the configuration files. You can override them with --config=PATH
:
~/.jschat/config.json
/etc/jschat/config.json
The web app will use the same configuration file as the server so it can find out where the server is.
The file format is JSON, like this:
{ "port": 3001 }
h3. Server Configuration Options
{ "port": integer, "ip": "string: IP address to bind to", "tmp_files": "string: path to tmp files (including PID file)" }
h3. Client Commands
/nick name
/join #room
/j #room
h3. Protocol Design
The protocol is designed to be as close to executable JSON as possible, so clients and servers are simple to implement.
Look at client.rb JsChat::Protocol
to see what I mean.
h3. Hey, this is like Campfire!
I love Campfire and I didn't intend for JsChat to compete with it. JsChat is just a fun project, it doesn't offer Campfire's business-friendly interface, file hosting, transcripts and Basecamp integration.
h3. Credits
JsChat was created by "Alex Young":http://alexyoung.org for "Helicoid":http://helicoid.net. A growing group of friends are helping out:
If you'd like to contribute, send "alexyoung":http://github.com/alexyoung a message on GitHub.
FAQs
Unknown package
We found that jschat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.