Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/dixonwille/wmenu
Package wmenu creates menus for cli programs. It uses wlog for it's interface with the command line. It uses os.Stdin, os.Stdout, and os.Stderr with concurrency by default. wmenu allows you to change the color of the different parts of the menu. This package also creates it's own error structure so you can type assert if you need to. wmenu will validate all responses before calling any function. It will also figure out which function should be called so you don't have to.
I try and keep up with my tags. To use the version and stable it is recommended to use govendor
or another vendoring tool that allows you to build your project for specific tags.
govendor fetch github.com/dixonwille/wmenu@v4
The above will grab the latest v4 at that time and mark it. It will then be stable for you to use.
I will try to support as many versions as possable but please be patient.
This is a simple use of the package. (NOTE: THIS IS A V4 SAMPLE)
menu := wmenu.NewMenu("What is your favorite food?")
menu.Action(func (opts []wmenu.Opt) error {fmt.Printf(opts[0].Text + " is your favorite food."); return nil})
menu.Option("Pizza", nil, true, nil)
menu.Option("Ice Cream", nil, false, nil)
menu.Option("Tacos", nil, false, func(opt wmenu.Opt) error {
fmt.Printf("Tacos are great")
})
err := menu.Run()
if err != nil{
log.Fatal(err)
}
The output would look like this:
0) *Pizza
1) Ice Cream
2) Tacos
What is your favorite food?
If the user just presses [Enter]
then the option(s) with the *
will be selected. This indicates that it is a default function. If they choose 1
then they would see Ice Cream is your favorite food.
. This used the Action's function because the option selected didn't have a function along with it. But if they choose 2
they would see Tacos are great
. That option did have a function with it which take precedence over Action.
You can you also use:
menu.AllowMultiple()
This will allow the user to select multiple options. The default delimiter is a [space]
, but can be changed by using:
menu.SetSeperator("some string")
Another feature is the ability to ask yes or no questions.
menu.IsYesNo(0)
This will remove any options previously added options and hide the ones used for the menu. It will simply just ask yes or no. Menu will parse and validate the response for you. This option will always call the Action's function and pass in the option that was selected.
Allows the user to pass anything for the value so it can be retrieved later in the function. The following is to show case the power of this.
The following was written in V3 but the concept holds for V4. V4 just changed
actFunc
to befunc([]wmenu.Opt) error
instead.
type NameEntity struct {
FirstName string
LastName string
}
optFunc := func(opt wmenu.Opt) error {
fmt.Println("Option 0 was chosen.")
return nil
}
actFunc := func(opt wmenu.Opt) error {
name, ok := opt.Value.(NameEntity)
if !ok {
log.Fatal("Could not cast option's value to NameEntity")
}
fmt.Printf("%s has an id of %d.\n", opt.Text, opt.ID)
fmt.Printf("Hello, %s %s.\n", name.FirstName, name.LastName)
return nil
}
menu := NewMenu("Choose an option.")
menu.ChangeReaderWriter(reader, os.Stdout, os.Stderr)
menu.Action(actFunc)
menu.Option("Option 0", NameEntity{"Bill", "Bob"}, true, optFunc)
menu.Option("Option 1", NameEntity{"John", "Doe"}, false, nil)
menu.Option("Option 2", NameEntity{"Jane", "Doe"}, false, nil)
err := menu.Run()
if err != nil {
log.Fatal(err)
}
The immediate output would be:
Output:
0) *Option 0
1) Option 1
2) Option 2
Choose an option.
Now if the user pushes [ENTER]
the output would be Options 0 was chosen.
. But now if either option 1 or 2 were chosen it would cast the options value to a NameEntity allowing the function to be able to gather both the first name and last name of the NameEntity. If you want though you can just pass in nil
as the value or even a string ("hello"
) since both of these implement the empty interface required by value. Just make sure to cast the values so you can use them appropriately.
This whole package has been documented and has a few examples in:
You should read the docs to find all functions and structures at your finger tips.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.