Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
org.curioswitch.curiostack:armeria-google-map-services
Advanced tools
org.curioswitch.curiostack:armeria-google-map-services
A Google Maps API client, based on Armeria.
curiostack
Very full stack to help satisfy curiosity
Developer resources
Developers should start at our developer portal, https://developers.curioswitch.org. The content is still light, but the codelabs should help get started with concepts quickly.
Also until the coverage of the codelabs goes up, it is also important to go through this README and
maybe even some of the code to understand what's available.
Company Resources
Looking for guidelines and documents outlining best practices for designing a company, not just the engineering codebase? Check out our resources here which can hopefully help.
Have a question?
Feel free to open an issue if you have any questions. You are also welcome to join our Slack workspace and ask there.
Set up
See gradle-curiostack-plugin README for setting up the gradle plugins.
Developing
Curiostack only requires bash.
First run
$ ./gradlew :setup
to set up all required tools, by downloading openjdk, python, gcloud, node, golang, etc, and inserting a PATH setting into zshrc and bashrc. There won't be any version conflicts between e.g., system-installed nodejs and gradle-installed nodejs as gradle-installed nodejs will be the one on the path when running Gradle invocations. In addition, any bash invocations of commands when inside the repository will use the managed tool. Outside the repository, system tools will be used as normal.
IDE
Curiostack only has a dependency on Java. However, IntelliJ is highly recommended for development. The free community edition is sufficient for Java development, while the pro edition may provide a more integrated IDE for both server and client development. Many users will choose to use IntelliJ community edition for server side development and Atom or Visual Studio Code for client side.
To work on IntelliJ, clone the repository and in a command line, run
$ ./gradlew idea
to generate initial IntelliJ configuration. Then open up the folder in IntelliJ and say yes when it asks you to link the project.
All code-style, license, etc setup will be done automatically, and you're ready to code.
FAQs
Unknown package
We found that org.curioswitch.curiostack:armeria-google-map-services demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 15 May 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025