![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@0x/contracts-broker
Advanced tools
Readme
This package contains the implementation of the Broker
contract. This contract serves as an entry-point to the 0x Exchange for the filling of property-based orders. Addresses of the deployed contracts can be found in this 0x guide or the DEPLOYS file within this package.
Install
npm install @0x/contracts-broker --save
A bug bounty for the 3.0 contracts is ongoing! Instructions can be found here.
We strongly recommend that the community help us make improvements and determine the future direction of the protocol. To report bugs within this package, please create an issue in this repository.
For proposals regarding the 0x protocol's smart contract architecture, message format, or additional functionality, go to the 0x Improvement Proposals (ZEIPs) repository and follow the contribution guidelines provided therein.
Please read our contribution guidelines before getting started.
If you don't have yarn workspaces enabled (Yarn < v1.0) - enable them:
yarn config set workspaces-experimental true
Then install dependencies
yarn install
To build this package and all other monorepo packages that it depends on, run the following from the monorepo root directory:
PKG=@0x/contracts-broker yarn build
Or continuously rebuild on change:
PKG=@0x/contracts-broker yarn watch
yarn clean
yarn lint
yarn test
Contracts testing options like coverage, profiling, revert traces or backing node choosing - are described here.
FAQs
Unknown package
We found that @0x/contracts-broker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.