Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Upload files and snippets to Slack chat from the command-line.
Log in to your slack.com account and get your API token from https://api.slack.com/.
gem install slackcat
export SLACK_TOKEN=<your api token>
echo 'hello world' | slackcat -c <channel>
Note: since gem dependencies build extension modules, you may need
ruby headers installed. For example, using system ruby on debian
derivatives, you need to install the ruby-dev
package.
SLACK_TOKEN
: your token from https://api.slack.com/.SLACK_CHANNEL
: default destination channel; will be used if
no -c
, -g
or -u
option given --token, -k <s>: Slack API token
--channels, -c <s>: Channels to share
--groups, -g <s>: Groups to share
--users, -u <s>: Users (DMs) to share
--filetype, -t <s>: File type identifier
--title, -T <s>: Title of file
--filename, -n <s>: Filename of file
--initial-comment, -i <s>: Initial comment to add
--post, -p: Post instead of upload
--multipart, -m: Multipart upload each file
--download, -d <s>: Download a linked file
--save-as, -s <s>: Save downloaded file as
--help, -h: Show this message
To upload text snippets, slackcat
is used similarly to unix cat
:
read data from STDIN or list filenames as arguments. Multiple files
will be concatenated.
Examples:
date | slackcat -c general
slackcat -u buddy foo.txt bar.txt
Uploads to slack are private by default. If you list channels, groups or usernames, content will be shared to them.
If you wish to upload binary files, for example images, use the -m
option, which will cause each file to be uploaded separately.
Example:
slackcat -c general -m kitten.jpg cat.gif
Slack does a good job of setting filetype correctly from mimetype,
though you may override this with the -t
option.
This mode does not read stdin.
To post text as a normal chat, instead of as a text snippet, use the
-p
option.
Example:
date | slackcat -c general -p
slackcat -u buddy -p foo.txt bar.txt
Due to a limitation of the slack api you may also pass only one channel, group or username.
Upload contents of buffer:
:%! slackcat -c dev
Upload contents of region:
M-| slackcat -c dev
To make a named function:
(setenv "SLACK_TOKEN" "<your api token>")
(defvar slackcat-bin "slackcat" "Command to invoke slackcat.")
(defvar slackcat-args "-c dev" "Default arguments to pass to slackcat.")
(defun slackcat (&optional b e)
"Upload contents of region to slack chat."
(interactive "r")
(let ((args (read-from-minibuffer "slackcat args: " slackcat-args)))
(shell-command-on-region b e (format "%s %s" slackcat-bin args))))
FAQs
Unknown package
We found that slackcat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.