
github.com/tianyicui/go-repl
A compiling Go REPL.
Builds up Go source as the session goes on, compiles and runs it with every input.
A "!" at the start of the prompt means the session is in "unstable" mode: for example, a package has been imported but is not used, or the source contains errors.
Example session:
    Welcome to the Go REPL!
    Enter '?' for a list of commands.
    > ?
    Commands:
        ?        help
        + (pkg)  import package
        - (pkg)  remove package
        -[dpc]   pop last (declaration|package|code)
        ~        reset
        : (...)  add persistent code
        !        inspect source
    > a := 6
    > b := 7
    > println(a * b)
    42
    > + fmt
    ! fmt> fmt.Println("Hello, world!")
    Hello, world!
    ! fmt> println("This won't work since fmt doesn't get used.")
    Compile error: /tmp/gorepl.go:2: imported and not used: fmt
    ! fmt> : fmt.Print()
    fmt> println("Now it will!")
    Now it will!
    fmt> func b(a interface{}) { fmt.Printf("You passed: %#v\n", a); }
    fmt> b(1)
    Compile error: /tmp/gorepl.go:14: cannot call non-function b (type int)
    fmt> !
    package main
    import "fmt"
    func b(a interface{}) { fmt.Printf("You passed: %#v\n", a) }
    func noop(_ interface{}) {}
    func main() {
        a := 6;
        noop(a);
        b := 7;
        noop(b);
        fmt.Print();
    }
    fmt> -d
    fmt> !
    package main
    import "fmt"
    func noop(_ interface{}) {}
    func main() {
        a := 6;
        noop(a);
        b := 7;
        noop(b);
        fmt.Print();
    }
    fmt> func dump(a interface{}) { fmt.Printf("You passed: %#v\n", a); }
    fmt> dump("Phew, there we go.")
    You passed: "Phew, there we go."
    fmt> -d
    fmt> -c
    ! fmt> - fmt
    > + math
    ! math> println(math.Pi)
    +3.141593e+000
    ! math> + fmt
    ! math fmt> fmt.Println(math.Pi)
    3.1415927
    ! math fmt>
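The sketch below is an added example, not code from go-repl itself: it models how a session like the one above could be assembled into the source that "!" prints, and when the prompt would show the unstable "!" marker. The Session type, its field names and the shortDecl pattern are assumptions made for illustration, and only the "imported and not used" cause of unstable mode is covered.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Session is a hypothetical model of the REPL state (names are assumptions).
type Session struct {
	Imports []string // packages added with "+ pkg"
	Decls   []string // top-level declarations
	Code    []string // persistent statements kept inside main()
}

var shortDecl = regexp.MustCompile(`^\s*([A-Za-z_]\w*)\s*:=`)

// Source renders the program in the layout the "!" command prints.
func (s *Session) Source() string {
	out := []string{"package main"}
	for _, p := range s.Imports {
		out = append(out, fmt.Sprintf("import %q", p))
	}
	out = append(out, s.Decls...)
	out = append(out, "func noop(_ interface{}) {}", "func main() {")
	for _, c := range s.Code {
		out = append(out, "\t"+c+";")
		if m := shortDecl.FindStringSubmatch(c); m != nil { // keep "declared and not used" from firing
			out = append(out, "\tnoop("+m[1]+");")
		}
	}
	return strings.Join(append(out, "}"), "\n") + "\n"
}

// Unstable reports whether some import is referenced by no persistent line.
func (s *Session) Unstable() bool {
	body := strings.Join(s.Decls, "\n") + "\n" + strings.Join(s.Code, "\n")
	for _, p := range s.Imports {
		if !strings.Contains(body, p[strings.LastIndex(p, "/")+1:]+".") {
			return true
		}
	}
	return false
}

func main() {
	// State constructed from the example session, just after "+ fmt".
	s := &Session{Imports: []string{"fmt"}, Code: []string{"a := 6", "b := 7"}}
	fmt.Print(s.Unstable(), "\n", s.Source())
}
```

Appending "fmt.Print()" to Code, as ": fmt.Print()" does in the session, makes Unstable return false and yields the second source dump shown above.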
TODO: