@bothrs/util
Advanced tools
Here you can find a list of all the main utils being exported by this package.
More in-depth, generated documentation can be found on the gh pages.
The following utils can be imported from @bothrs/util/<utilname>
Manage Airtable data based on standard env variables.
await select('Blogposts')
=> Load blogposts
await timeout(1000)
=> Wait for 1 second
const busy = await isPending(promise)
=> Check if promise is pending
const [error, data] = await to(promise)
=> Unwrap promise
Manage Airtable data.
await select({ app: '', key: '' }, 'Blogposts')
=> Load blogposts
Fetch JSON + shorthand for Authorization: Bearer
Note: when using this on a Node server, fetch needs to be polyfilled. node-fetch suggests doing this like:
import fetch from 'node-fetch'
if (!globalThis.fetch) {
  // @ts-ignore
  globalThis.fetch = fetch
}
Read and write from filesystem using promises.
Minimal helper for localStorage
Optimize common requests.
Generate random strings and UUIDs.
Filter uniq items from an array.
Manage URLs.
serialize({ example: 'ok' })
=> Build a querystring
The mjs files contain code that could benefit from some triage: either refactored into ts files or removed.
Download translations table from Airtable and write to file that can be imported.
Optimistically load translations table from Airtable.
Manage command line.
console.log(green('Success'))
=> Log "success" in green
Demo CDN integration
Command line colors
console.log(green('Success'))
=> Log "success" in green
Svelte store for reconnecting websocket.
Read and write cookies.
Copy to clipboard
Manage dates
Download files
Format strings
Hash shorthands
const hash = md5('test')
Svelte store for user inactivity
const { sub } = unsafeDecode('eY...')
=> Decode JWT
Load knex instance with config based on standard env variables.
import { knex } from 'knex-env'
=> Ready to use knex instance
Knex config based on standard env variables.
Load leaflet JS and CSS.
Load scripts, stylesheets and CSS.
Svelte store for location
Stream logs to a file.
Send mailgun messages.
Render basic markdown to HTML.
Functions with numbers
Load Messenger SDK.
Disable scroll behind modals.
Svelte store for device orientation
Hash and verify passwords.
Get a random element from an array.
Initialize Sentry based on standard env variables.
Send emails with nodemailer based on standard env variables.
Connect to a socket.io server.
Svelte store helpers
Svelte store for light/dark theme
Translation helpers
Launch a Typeform widget.
Load the Voxeet SDK.
Helpers to protect against XSS
FAQs
Common helper functions
The npm package @bothrs/util receives a total of 192 weekly downloads. As such, @bothrs/util popularity was classified as not popular.
We found that @bothrs/util demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.