Ruby bindings for QFS.
Add this line to your application's Gemfile:
gem 'qfs'
And then execute:
$ bundle
Or install it yourself as:
$ gem install qfs
The entrypoint to QFS with these bindings is the Qfs::Client object. You can view the entire API in the documentation (TODO update this when open sourced) and see examples in "test/qfs_test.rb".
You can run the tests on an existing instance of QFS. By default, a local instance running on port 10000 is assumed, but you can specify a different location using environment variables.
rake test
By default, a stock QFS instance will likely have restricted permissions. You may have to connect to QFS as root and manually chown/chmod the root to something that the user running the tests can access.
QFS_TEST_PATH: The directory in QFS to create and do all test-related operations in.
QFS_TEST_HOST: The host running QFS.
QFS_TEST_PORT: The port that QFS is running on.
You can also enable debugging output by setting the environment variable RUBY_QFS_TRACE.
export RUBY_QFS_TRACE=1
stat can return stale data after modifications
The behavior of the C API results in a stat call using stale data if modifications were made to a file since the connection was opened. This can be avoided by opening and immediately closing the file that is being stat'ed. You can enable this behavior by setting the refresh option to true:
client.stat("/path/to/file", refresh: true)
Be aware that this may come with a performance penalty, so it may be better to use this option only when necessary.