
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
h1. Thin::Glazed
This library adds an HTTPS proxy to Thin, which allows you to run your Rails apps that use both HTTP and HTTPS protocols simply within a browser, as well as in your Capybara integration tests, should you so desire.
It was written to keep things consistent - with SSL in development, test and production environments.
This wouldn't have been possible (or at least, would have been a far larger headache) if it wasn't for the source and examples of the em-proxy gem.
h2. Installation
Add this line to your application's Gemfile, in your development and/or test groups:
gem 'thin-glazed'
h2. Using it in development
You can use the glazed server when you fire up your Rails app locally:
./script/rails server thin_glazed
This will provide HTTPS over port 3443 - I use "my fork":https://github.com/freelancing-god/ssl_requirement of the bartll-ssl_requirement gem to specify which ports have which protocols, at the end of my @config/environments/development.rb@ file:
SslRequirement.non_ssl_port = 3000
SslRequirement.non_ssl_port = 3443
This ensures redirects from one protocol to the other work accordingly.
If you want to have this as your default development server, add a @:require@ option to the listing in your Gemfile:
gem 'thin-glazed', :require => 'thin/glazed/as_default'
And from there, it'll just work:
./script/rails server
h2. Using it with tests
Note: this currently has a dependency on "my fork":https://github.com/freelancing-god/ssl_requirement of bartll-ssl_requirement. I'd love some suggestions on instructing Rails on what the HTTP and HTTPS ports are without external requirements.
It should just work, if you're using straight Capybara, or Capybara with Selenium. For Webkit, you'll want to use @:glazed_webkit@ instead of @:webkit@ for your javascript driver:
Capybara.javascript_driver = :glazed_webkit
h2. Using it in production
Don't. This isn't built for production - you'd be far better served with a tool like Pound, or really just letting Nginx or Apache handle it all for you.
h2. Contributing
git checkout -b my-new-feature
)git commit -am 'Added some feature'
)git push origin my-new-feature
)h2. Credits
Copyright (c) 2012, Thin::Glazed is developed and maintained by Pat Allan, and is released under the open MIT Licence.
FAQs
Unknown package
We found that thin-glazed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.