Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Vagrant-vmenv is a npm module that is used to extend the behavior of a Vagrantfile. It uses virtual machine definitions to spin up complete enviroments where you can run tests or run your code.
npm install -g http://github.com/amatas/vagrant-vmenv
cp node_modules/vagrant-vmenv/Vagrantfile.template Vagrantfile
cp node_modules/vagrant-vmenv/qi.yml.template .qi.yml
The Vagrantfile acts as a pointer to the module, it shouldn't be modified. If you want to make a change at the environment level do so in the environment configuration file, and if you want to configure how the applications are deployed and tested do so in the .qi.yml file of your repository.
Commands:
vagrant up
to spin up the environment defined in the .qi.yml file.vagrant destroy
to stop and destroy the vm.vagrant halt
to shutdown the vm without destroy it.Note:
vagrant up
will exec the commands listed in the setup variable of each
application listed in the .qi.yml file.vagrant provision
will exec the commands listed in the test_cmds variable
of each application listed in the .qi.yml file.A VM can have multiple virtual NICs. Two types are avilable for each NIC: public and private. The public NICs will be attached to the host's physical network, the private NICs will be attached to a private network only visible between the other VMs and the host. The IP address of a private network can be customized in the definition of the VM. An example of the network definition of a VM can be:
networks:
privatenet:
type: private
ip: 192.168.45.22
publicnet:
type: public
If an environment has multiple VMs definitions with several NICs the hosts file of each VM will list all the IP address of each VM plus the name of the VM, this is very useful to point services between the VMs.
The port forwarding is configured in the VMs definition. The guest_port
variable is the source port to be mapped to the host_port
variable. The
guest_port
must be set in each port forward block, host_port
and protocol are
optionals.
ports:
- guest_port: 8080
host_port: 8888
protocol: tcp
- guest_port: 8181
host_port: 9999
- guest_port:8081
Each application can use a shared folder. If the folder variable of the application has a src key, Vagrant will map the path set in the src folder of the host to the path set in the dest variable in the VM.
folder:
src: "."
dest: "/app/universal"
More samples definitions can be found either in the envs directory or in the qi.yml.template.
FAQs
Unknown package
We found that vagrant-qienv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.