![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@availity/env-var
Advanced tools
Readme
Get run-time environment variables for immutable builds
npm install @availity/env-var --save
Given an object of possible values and get back the value for the current environment.
import envVar from '@availity/env-var';
const myEnvVal = envVar(valuesObject[, windowOverride]);
local
param in the valuesObject
var.import envVar from '@availity/env-var';
const myEnvVal = envVar({prod: '123', qa: '234', local: '345'});
/*
depending on which environment this is ran in, myEnvVal would be something different
in prod: myEnvVal will be '123'
in qa: myEnvVal will be '234'
in test: myEnvVal will be '345' (defaults to local if env is not found)
*/
Set the potential environments and the tests used to determine which environment the code is currently being executed in.
import { setEnvironments } from '@availity/env-var';
setEnvironments(possibleEnvironments[, replaceExisting])
These tests can be
test
d with the domain.import { setEnvironments } from '@availity/env-var';
setEnvironments({
local: ['127.0.0.1', 'localhost'],
test: [/^t(?:(?:\d\d)|(?:est))-apps$/],
qa: [/^q(?:(?:\d\d)|(?:ap?))-apps$/],
prod: [/^apps$/],
myEnv: ['custom-stuff-here']
});
FAQs
Unknown package
The npm package @availity/env-var receives a total of 187 weekly downloads. As such, @availity/env-var popularity was classified as not popular.
We found that @availity/env-var demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.