Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@bevry/github-commit
Advanced tools
@bevry/github-commit
Fetch the latest commit of a GitHub repository
Usage
// import the library
import getCommit from '@bevry/github-commit`
// fetch the commit
const commit = await getCommit('bevry/github-commit').catch((err) => {
// if something went wrong, such as unauthorized, empty repository, no internet connection
// then log the error as a warning
console.warn(err)
// and fallback to master
return 'master'
})
// log the eventual result
console.log(commit)
Install
npm
- Install:
npm install --save @bevry/github-commit - Import:
import pkg from ('@bevry/github-commit') - Require:
const pkg = require('@bevry/github-commit').default
Skypack
<script type="module">
import pkg from '//cdn.skypack.dev/@bevry/github-commit@^1.1.0'
</script>
unpkg
<script type="module">
import pkg from '//unpkg.com/@bevry/github-commit@^1.1.0'
</script>
jspm
<script type="module">
import pkg from '//dev.jspm.io/@bevry/github-commit@1.1.0'
</script>
Editions
This package is published with the following editions:
@bevry/github-commit/source/index.tsis TypeScript source code with Import for modules@bevry/github-commit/edition-browsers/index.jsis TypeScript compiled against ES2020 for web browsers with Import for modules@bevry/github-commitaliases@bevry/github-commit/edition-es2019/index.js@bevry/github-commit/edition-es2019/index.jsis TypeScript compiled against ES2019 for Node.js 10 || 12 || 14 || 16 with Require for modules@bevry/github-commit/edition-es2019-esm/index.jsis TypeScript compiled against ES2019 for Node.js 12 || 14 || 16 with Import for modules
History
Discover the release history by heading on over to the HISTORY.md file.
Contribute
Discover how you can contribute by heading on over to the CONTRIBUTING.md file.
Backers
Maintainers
These amazing people are maintaining this project:
Sponsors
No sponsors yet! Will you be the first?
Contributors
These amazing people have contributed code to this project:
Discover how you can contribute by heading on over to the CONTRIBUTING.md file.
License
Unless stated otherwise all works are:
- Copyright © 2020+ Benjamin Lupton
and licensed under:
v1.1.0 2021 August 5
- Updated for
@bevry/github-api - Updated dependencies, base files, and editions using boundation
FAQs
Fetch the latest commit of a GitHub repository
The npm package @bevry/github-commit receives a total of 1 weekly downloads. As such, @bevry/github-commit popularity was classified as not popular.
We found that @bevry/github-commit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 04 Aug 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025