
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
github.com/lazyhacker/youtube-copy
This is a quick hack that uses the Youtube Data API to create playlists and subscriptions from Google Takeout for Youtube. The oAuth stuff and parts of calling the API is straight from Youtube's tutorial and code samples for using their APIs.
I wrote this to transfer my playlists and subscription from one Google account to another.
To use this, you must first
enable the Youtube Data API for your Google account
including downloading the credential file for oAuth. Save the credential file
as cs.json
.
Using Google Takeout, download your playlist and subscriptions in JSON format.
go get lazyhacker.dev/youtube-copy
I wrote this specifically for my need to copy some data over so there's no support. Use it at your own risk, but feel free to look at the code.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.