Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
github.com/ActiveState/mpb
- Version
- v3.1.1+incompatible
- Version published
- Created
Multi Progress Bar
mpb is a Go lib for rendering progress bars in terminal applications.
Features
- Multiple Bars: Multiple progress bars are supported
- Dynamic Total: Set total while bar is running
- Dynamic Addition: Additional bar could be added at later time
- Dynamic Removal: Remove particular bar, before or after completion
- Dynamic Resize: Adaptive bar resize (doesn't work inside tmux)
- Cancellation: Cancel whole rendering process
- Predefined Decorators: Elapsed time, Ewmaest based ETA, Percentage, Bytes counter
- Decorator's width sync: Synchronized decorator's width among multiple bars
Installation
go get github.com/vbauerster/mpb
Note: it is preferable to go get from github.com, rather than gopkg.in. See issue #11.
Usage
Rendering single bar
p := mpb.New(
// override default (80) width
mpb.WithWidth(100),
// override default "[=>-]" format
mpb.WithFormat("╢▌▌░╟"),
// override default 120ms refresh rate
mpb.WithRefreshRate(100*time.Millisecond),
)
total := 100
name := "Single Bar:"
// Add a bar
// You're not limited to just a single bar, add as many as you need
bar := p.AddBar(int64(total),
// Prepending decorators
mpb.PrependDecorators(
// StaticName decorator with minWidth and no extra config
// If you need to change name while rendering, use DynamicName
decor.StaticName(name, len(name), 0),
// ETA decorator with minWidth and no extra config
decor.ETA(4, 0),
),
// Appending decorators
mpb.AppendDecorators(
// Percentage decorator with minWidth and no extra config
decor.Percentage(5, 0),
),
)
for i := 0; i < total; i++ {
time.Sleep(time.Duration(rand.Intn(10)+1) * time.Second / 100)
bar.Increment()
}
// Gracefully shutdown mpb's monitor goroutine
p.Stop()
Rendering multiple bars
var wg sync.WaitGroup
p := mpb.New(mpb.WithWaitGroup(&wg))
total := 100
numBars := 3
wg.Add(numBars)
for i := 0; i < numBars; i++ {
name := fmt.Sprintf("Bar#%d:", i)
bar := p.AddBar(int64(total),
mpb.PrependDecorators(
decor.StaticName(name, 0, 0),
// DSyncSpace is shortcut for DwidthSync|DextraSpace
// means sync the width of respective decorator's column
// and prepend one extra space.
decor.Percentage(3, decor.DSyncSpace),
),
mpb.AppendDecorators(
decor.ETA(2, 0),
),
)
go func() {
defer wg.Done()
for i := 0; i < total; i++ {
time.Sleep(time.Duration(rand.Intn(10)+1) * time.Second / 100)
bar.Increment()
}
}()
}
// Gracefully shutdown mpb's monitor goroutine
p.Stop()
Dynamic Total
Adaptive resize
Note: don't expect much, it corrupts if resizing too fast.
Bytes counter decorator
Typeface used in screen shots: Iosevka
FAQs
Unknown package
Package last updated on 12 Mar 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025