@adv-ui/boros-tcf
Boros TCF is a stand alone Consent Management Provider solution compliant with the "Transparency & Consent Framework version 2.0" standard established by the IAB Europe.
Initialization with Stub, see details here
Extra cookie storage
A cookie named "borosTcf" stores the user's consent data, stringified and encoded in Base64.
Sample borosTcf
value: eyJwb2xpY3lWZXJzaW9uIjoyLCJjbXBWZXJzaW9uIjoxLCJwdXJwb3NlIjp7ImNvbnNlbnRzIjp7IjEiOnRydWUsIjIiOnRydWUsIjMiOnRydWUsIjQiOnRydWUsIjUiOnRydWUsIjYiOnRydWUsIjciOnRydWUsIjgiOnRydWUsIjkiOnRydWUsIjEwIjp0cnVlfX0sInNwZWNpYWxGZWF0dXJlcyI6eyIxIjp0cnVlfX0=
The data encoded in this sample value, which is also the structure of the cookie's encoded data, is:
{
  "policyVersion": 2,
  "cmpVersion": 1,
  "purpose": {
    "consents": {
      "1": true,
      "2": true,
      "3": true,
      "4": true,
      "5": true,
      "6": true,
      "7": true,
      "8": true,
      "9": true,
      "10": true
    }
  },
  "specialFeatures": {
    "1": true
  }
}
To decode the cookie, for example:
// Java
String decoded = new String(Base64.getDecoder().decode(cookieValue));
// Node
const decoded = Buffer.from(cookieValue, 'base64').toString()
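The borosTcf cookie is plain Base64 JSON held by the browser, so code that reads it should treat the value as untrusted input. The following strict Node.js decoder is an added example, not code from the Boros TCF package; the function names, the 4096-character limit and the shape checks are assumptions derived from the sample structure above.

```javascript
// Added example, not Boros TCF code. The cookie is client-controlled input.
const MAX_LEN = 4096 // assumption: common per-cookie size limit
const BASE64_RE = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/

// Sample value copied from this page.
const SAMPLE = 'eyJwb2xpY3lWZXJzaW9uIjoyLCJjbXBWZXJzaW9uIjoxLCJwdXJwb3NlIjp7ImNvbnNlbnRzIjp7IjEiOnRydWUsIjIiOnRydWUsIjMiOnRydWUsIjQiOnRydWUsIjUiOnRydWUsIjYiOnRydWUsIjciOnRydWUsIjgiOnRydWUsIjkiOnRydWUsIjEwIjp0cnVlfX0sInNwZWNpYWxGZWF0dXJlcyI6eyIxIjp0cnVlfX0='

// True for a plain object mapping positive-integer ids to booleans.
function isFlagMap(obj) {
  return obj !== null && typeof obj === 'object' && !Array.isArray(obj) &&
    Object.entries(obj).every(([k, v]) => /^[1-9]\d*$/.test(k) && typeof v === 'boolean')
}

// Returns a validated consent object, or null when the value is malformed.
function parseBorosTcfCookie(cookieValue) {
  if (typeof cookieValue !== 'string' || cookieValue.length === 0) return null
  if (cookieValue.length > MAX_LEN) return null
  // Buffer.from(x, 'base64') never throws on invalid characters, so check first.
  if (!BASE64_RE.test(cookieValue)) return null
  let data
  try {
    data = JSON.parse(Buffer.from(cookieValue, 'base64').toString('utf8'))
  } catch (err) {
    return null
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null
  if (!Number.isInteger(data.policyVersion)) return null
  if (!Number.isInteger(data.cmpVersion)) return null
  if (!data.purpose || !isFlagMap(data.purpose.consents)) return null
  if (!isFlagMap(data.specialFeatures)) return null
  // Rebuild from validated fields only, so unexpected keys are dropped.
  return {
    policyVersion: data.policyVersion,
    cmpVersion: data.cmpVersion,
    purpose: { consents: { ...data.purpose.consents } },
    specialFeatures: { ...data.specialFeatures }
  }
}

console.log(parseBorosTcfCookie(SAMPLE))       // decoded consent object
console.log(parseBorosTcfCookie('%' + SAMPLE)) // null: invalid character rejected
```

Returning null on any failure lets the caller fall back to an empty consent, which matches the behaviour the LOAD_CONSENT_ERROR event describes.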
npm i @adv-ui/boros-tcf
import BorosTcf from '@adv-ui/boros-tcf'
const borosTcf = BorosTcf.init()
Allowed initialization parameters
BorosTcf.init({language, reporter})
language
(optional, defaults to 'es'), a valid two-letter ISO 639-1 language code
reporter
(optional), a function which can receive (event, payload) parameters. Relevant Boros TCF actions will be notified to the reporter, which can be used, for example, for debugging.
Boros TCF currently reports these events:
- LISTENER_ERROR: any error on registered event status listeners
- USE_CASE_CALLED: any call to the use cases, which has finished OK
- USE_CASE_ERROR: any call to the use cases, which has failed due to an error
- LOAD_CONSENT_ERROR: an error was caught while loading the stored consent, and an empty consent will be returned
Boros TCF is MIT licensed.
FAQs
Adevinta GDPR - Transparency and Consent Framework - API
The npm package @adv-ui/boros-tcf receives a total of 19 weekly downloads. As such, @adv-ui/boros-tcf popularity was classified as not popular.
We found that @adv-ui/boros-tcf demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.