Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/golang-design/clipboard
Cross platform (macOS/Linux/Windows/Android/iOS) clipboard package in Go
import "golang.design/x/clipboard"
gclip
as a demo applicationgclip-gui
as a demo applicationPackage clipboard provides cross platform clipboard access and supports macOS/Linux/Windows/Android/iOS platform. Before interacting with the clipboard, one must call Init to assert if it is possible to use this package:
// Init returns an error if the package is not ready for use.
err := clipboard.Init()
if err != nil {
panic(err)
}
The most common operations are Read
and Write
. To use them:
// write/read text format data of the clipboard, and
// the byte buffer regarding the text are UTF8 encoded.
clipboard.Write(clipboard.FmtText, []byte("text data"))
clipboard.Read(clipboard.FmtText)
// write/read image format data of the clipboard, and
// the byte buffer regarding the image are PNG encoded.
clipboard.Write(clipboard.FmtImage, []byte("image data"))
clipboard.Read(clipboard.FmtImage)
Note that read/write regarding image format assumes that the bytes are PNG encoded since it serves the alpha blending purpose that might be used in other graphical software.
In addition, clipboard.Write
returns a channel that can receive an
empty struct as a signal, which indicates the corresponding write call
to the clipboard is outdated, meaning the clipboard has been overwritten
by others and the previously written data is lost. For instance:
changed := clipboard.Write(clipboard.FmtText, []byte("text data"))
select {
case <-changed:
println(`"text data" is no longer available from clipboard.`)
}
You can ignore the returning channel if you don't need this type of notification. Furthermore, when you need more than just knowing whether clipboard data is changed, use the watcher API:
ch := clipboard.Watch(context.TODO(), clipboard.FmtText)
for data := range ch {
// print out clipboard data whenever it is changed
println(string(data))
}
gclip
for command line clipboard accesses, see document here.gclip-gui
for functionality verifications on mobile systems, see a document here.gclip
command offers the ability to interact with the system clipboard
from the shell. To install:
$ go install golang.design/x/clipboard/cmd/gclip@latest
$ gclip
gclip is a command that provides clipboard interaction.
usage: gclip [-copy|-paste] [-f <file>]
options:
-copy
copy data to clipboard
-f string
source or destination to a given file path
-paste
paste data from clipboard
examples:
gclip -paste paste from clipboard and prints the content
gclip -paste -f x.txt paste from clipboard and save as text to x.txt
gclip -paste -f x.png paste from clipboard and save as image to x.png
cat x.txt | gclip -copy copy content from x.txt to clipboard
gclip -copy -f x.txt copy content from x.txt to clipboard
gclip -copy -f x.png copy x.png as image data to clipboard
If -copy
is used, the command will exit when the data is no longer
available from the clipboard. You can always send the command to the
background using a shell &
operator, for example:
$ cat x.txt | gclip -copy &
This package spent efforts to provide cross platform abstraction regarding accessing system clipboards, but here are a few details you might need to know.
libx11-dev
or xorg-dev
or libX11-devel
to access X window system.gomobile
In general, when you need test your implementation regarding images, There are system level shortcuts to put screenshot image into your system clipboard:
Ctrl+Shift+Cmd+4
Ctrl+Shift+PrintScreen
Shift+Win+s
As described in the API documentation, the package supports read/write UTF8 encoded plain text or PNG encoded image data. Thus, the other types of data are not supported yet, i.e. undefined behavior.
The main purpose of building this package is to support the midgard project, which offers clipboard-based features like universal clipboard service that syncs clipboard content across multiple systems, allocating public accessible for clipboard content, etc.
To know more projects, check our wiki page.
MIT | © 2021 The golang.design Initiative Authors, written by Changkun Ou.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.