
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
github.com/mintalk/goncurses
This fork is specifically made for the mintalk client.
It generally should not be used elsewhere.
Goncurses is an ncurses library for the Go programming language. It requires both pkg-config and ncurses C development files be installed.
The go tool is the recommended method of installing goncurses. Issue the following command on the command line:
$ go get github.com/mintalk/goncurses
The ncurses C development library must be installed on your system in order to build and install Goncurses. For example, on Debian based systems you can run:
$ sudo apt install libncurses-dev
OSX and Windows users should visit the Wiki for installation instructions.
Cgo will fail to build with an invalid or unknown flag error with recent versions of ncurses. Unfortunately, the cgo tool only provides one mechanism for overcoming this. You need to set *_ALLOW environment variables to overcome the issue. There are no cgo directives or any other clever ways (that I know of) to fix this.
This package provides a Makefile as one solution. Another would be to set the variables in your shell in whatever way makes you feel comfortable.
No functions which operate only on stdscr have been implemented because it makes little sense to do so in a Go implementation. Stdscr is treated the same as any other window.
Whenever possible, versions of ncurses functions which could potentially have a buffer overflow, like the getstr() family of functions, have not been implemented. Instead, only mvwgetnstr() and wgetnstr() are used.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.