
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@aws-sdk/middleware-user-agent
Advanced tools
[](https://www.npmjs.com/package/@aws-sdk/middleware-user-agent) [](https://www.npmjs.c
The 'useragent' package is used to parse user agent strings. It can detect browser, engine, OS, CPU, and device type/model from parsed user agent strings. Unlike @aws-sdk/middleware-user-agent, which is specifically designed for AWS SDKs to manipulate User-Agent headers, 'useragent' provides broader parsing capabilities for any user agent string.
This is a simple Express.js middleware for exposing user-agent details to your application. It parses the user-agent string and adds an object with the details to the request object. While it serves a different context (web servers rather than AWS SDK clients), it shares the concept of processing user-agent information.
FAQs
[](https://www.npmjs.com/package/@aws-sdk/middleware-user-agent) [](https://www.npmjs.c
The npm package @aws-sdk/middleware-user-agent receives a total of 47,599,398 weekly downloads. As such, @aws-sdk/middleware-user-agent popularity was classified as popular.
We found that @aws-sdk/middleware-user-agent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.