Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@adv-ui/boros-tcf-stub
Advanced tools
@adv-ui/boros-tcf-stub
Adevinta GDPR - Transparency and Consent Framework - Stub for Boros TCF
Boros TCF Stub
Table of Contents
About
The Boros TCF stub implements the standard TCF v2 stub
Features
-
Registers the
__tcfapiLocatorframe -
Stubs the
window.__tcfapiresponding immediately to the commandspingSee PingReturn in the stubbed __tcfapipendingreturns the pending calls accumulated while callingwindow.__tcfapicommandsonReadyreturns the optional registeredonReadycallback
-
Initializes the cross-framee communication via
postMessagee, see usage details
Usage
As an importable module
Use it this way if you're generating your own initialization
Install
npm i @adv-ui/boros-tcf-stub --save
Register the Stub
import registerStub from '../main'
// do your magic
registerStub()
Register the Stub with an onReady callback
This allows creating additional commands that can have access to the Boros TCF API facade.
import registerStub from '../main'
const onReady = api => initializeCustomCommands(api)
registerStub({onReady})
The
onReadycallback will be called after Boros TCF initializes thewindow.__tcfapiand before processing any pending command in the stub's queue.
Remember that the Stub must be registered before any script depending on the TCF is loaded
As a standalone script
Add it to the head tag
<script
src="https://c.dcdn.es/borostcf/stub/BorosTcfStub.pro.js"
async="false"
/>
This does not accept registering an
onReadycallback. Import theregisterStuband generate your own script if it's a need.
License
Boros TCF Stub is MIT licensed.
FAQs
Adevinta GDPR - Transparency and Consent Framework - Stub for Boros TCF
We found that @adv-ui/boros-tcf-stub demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Mar 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025