IPGeo is a promise based JavaScript wrapper around popular IP Geolocation APIs.
To set up an instance of IPGeo, you'll need to import the library and then create an instance from the IPGeo class.
First add it to your repo:
yarn add @bva/ipgeo
Then use it in your JavaScript:
import IPGeo from "@bva/ipgeo";
const geo = new IPGeo();
geo.getGeo().then(data => console.log(data));
When initializing a new IPGeo instance, an optional options argument can be passed to the class instantiation. The options argument is an Object that can have the following properties:
Service is the web service you want to use and can be any of the following values:
geojs (default) - https://www.geojs.io/
ipapi - https://ipapi.co/
This method makes a request to the geo service and returns a JSON response wrapped in a promise.
Example
geo.getGeo().then(data => console.log(data));
If using GeoJS the above code will log a JSON object that looks like this. Otherwise, it will log the chosen service's JSON structure.
Note: The first call to .getGeo() will result in an API call which will store the data in sessionStorage under ipgeo. All subsequent calls will pull data from sessionStorage unless it is not supported in the browser.
This will remove geo data stored in sessionStorage under ipgeo. If the browser doesn't support it nothing will happen.
The data stored in sessionStorage is under the name ipgeo and is base64 encoded. To view the actual data you'll need to decode it using atob().
Example:
console.log(JSON.parse(atob(sessionStorage.getItem("ipgeo"))));
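A defensive way to read the cached entry, as an added example that is not part of @bva/ipgeo: base64 is an encoding rather than protection, so any script running in the page's origin can read or overwrite the ipgeo entry, and the reader below treats it as untrusted input. The makeMemoryStorage helper and the sample record are constructed for illustration; in a browser, pass window.sessionStorage instead.

```javascript
// Added example, not part of @bva/ipgeo. Reads the cached "ipgeo" entry
// defensively: the value is base64-encoded JSON, which any script running
// in the same origin can decode or overwrite, so treat it as untrusted input.
const CACHE_KEY = "ipgeo"; // storage key named in the README

function readCachedGeo(storage) {
  if (!storage || typeof storage.getItem !== "function") {
    return { ok: false, reason: "storage-unavailable" };
  }
  let raw;
  try {
    raw = storage.getItem(CACHE_KEY); // can throw when storage is blocked
  } catch (err) {
    return { ok: false, reason: "storage-blocked" };
  }
  if (raw === null || raw === undefined) return { ok: false, reason: "not-cached" };
  let parsed;
  try {
    parsed = JSON.parse(atob(raw)); // atob throws on invalid base64
  } catch (err) {
    return { ok: false, reason: "corrupt-entry" };
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return { ok: false, reason: "unexpected-shape" };
  }
  return { ok: true, data: parsed };
}

// Constructed in-memory stand-in for sessionStorage (hypothetical helper),
// so the example also runs outside a browser.
function makeMemoryStorage(initial = {}) {
  const items = new Map(Object.entries(initial));
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => void items.set(k, String(v)),
    removeItem: (k) => void items.delete(k),
  };
}

// Constructed sample record; real field names depend on the chosen service.
const sample = { ip: "203.0.113.7", country: "US" };
const demoStorage = makeMemoryStorage({ [CACHE_KEY]: btoa(JSON.stringify(sample)) });
console.log(readCachedGeo(demoStorage));
```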
FAQs
A promise based JavaScript wrapper around popular IP Geolocation APIs
We found that @bva/ipgeo demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.