Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@bolt/analytics-autolink
Advanced tools
Helper library to automatically applies GA autolink click tracking query strings to Bolt components that point to external domains.
npm install @bolt/analytics-autolink
.boltrc.js
config:module.exports = {
components: {
global: [
'@bolt/analytics-autolink',
//...
]
}
}
// ex. main.js
import '@bolt/analytics-autolink';
//
For example, a typical GA config might look similar to this:
<head>
<script src="https://www.google-analytics.com/analytics.js" async></script>
<script>
// replace with your own GA tracking #
const TRACKING_ID = 'UA-123456789-0';
// prep GA data if it doesn't yet exist
window.ga = window.ga || ((...args) => (ga.q = ga.q || []).push(args));
ga('create', TRACKING_ID, 'auto', { allowLinker: true });
ga('send', 'pageview');
ga('set', 'transport', 'beacon');
ga('require', 'linker');
// See Step 3 below on configuring which domains to track
// window.bolt = window.bolt || {};
// window.bolt.analytics = window.bolt.analytics || {};
// window.bolt.analytics.autolink = window.bolt.analytics.autolink || {
// domains: ['google.com'] // domains to configure
// };
// ga('linker:autoLink', window.bolt.analytics.autolink.domains);
</script>
Option 1. Via a global Bolt config. For example:
<script>
window.bolt = window.bolt || {};
window.bolt.autolink = {
domains: ['google.com'], // domains to track
};
// make sure GA's linker:autoLink points to the domains configured
ga('linker:autoLink', window.bolt.autolink.domains);
</script>
Option 2. This can also be configured via a Drupal config. For example:
<script>
window.drupalSettings = {
google_analytics: {
trackCrossDomains: ['pega.com'], // domains to track
},
};
// make sure GA's linker:autoLink points to the domains configured
ga('linker:autoLink', window.drupalSettings.google_analytics.trackCrossDomains);
</script>
FAQs
Adds Google Analytics tracking support to the Bolt Design System.
The npm package @bolt/analytics-autolink receives a total of 7 weekly downloads. As such, @bolt/analytics-autolink popularity was classified as not popular.
We found that @bolt/analytics-autolink demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.