
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@arcjet/analyze-wasm
Advanced tools
@arcjet/analyze-wasmArcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification, and defense against common attacks.
This package provides WebAssembly bindings to Arcjet's local analysis engine.
This package provides logic in WebAssembly to locally analyze requests.
To load these binary files everywhere until something like
Import Bytes is available,
we settled on a technique that seems to work well everywhere.
This technique gives us compatibility with for example Next.js which right now
requires a special experimental asyncWebAssembly webpack configuration,
The file _virtual/arcjet_analyze_js_req.component.core.js contains the
WebAssembly inlined as a data: URL.
This is about 3 times smaller than using a Uint8Array (see
Better Binary Batter: Mixing Base64 and Uint8Array for more
info).
That URL is then turned into an ArrayBuffer and passed to
WebAssembly.compile.
The files here are generated.
They are wrapped up into @arcjet/analyze for use in
JavaScript,
in turn exposed in our core package
([arcjet][github-arcjet-arcjet])
and our SDKs (such as @arcjet/next).
This is an internal Arcjet package not designed for public use. See our Get started guide for how to use Arcjet in your application.
This package is ESM only. Install with npm in Node.js:
npm install @arcjet/analyze-wasm
Use @arcjet/analyze instead.
FAQs
WebAssembly bindings to Arcjet's local analysis engine
The npm package @arcjet/analyze-wasm receives a total of 47,748 weekly downloads. As such, @arcjet/analyze-wasm popularity was classified as popular.
We found that @arcjet/analyze-wasm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.