![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@ckeditor/ckeditor5-typing
Advanced tools
Package description
@ckeditor/ckeditor5-typing is a package that provides typing-related features for CKEditor 5, a modern JavaScript rich text editor. This package includes functionalities such as input handling, text transformations, and undo/redo support, which are essential for creating a seamless and user-friendly text editing experience.
Input Handling
This feature handles the basic input from the user, ensuring that text is correctly inserted into the editor. The code sample demonstrates how to include the Typing plugin in a CKEditor 5 instance.
import Typing from '@ckeditor/ckeditor5-typing/src/typing';
ClassicEditor
.create( document.querySelector( '#editor' ), {
plugins: [ Typing, ... ],
toolbar: [ ... ]
} )
.then( editor => {
console.log( 'Editor was initialized', editor );
} )
.catch( error => {
console.error( error.stack );
} );
Text Transformations
This feature provides automatic text transformations, such as converting quotes to smart quotes or converting -- to an em dash. The code sample shows how to include the TextTransformation plugin in a CKEditor 5 instance.
import TextTransformation from '@ckeditor/ckeditor5-typing/src/texttransformation';
ClassicEditor
.create( document.querySelector( '#editor' ), {
plugins: [ TextTransformation, ... ],
toolbar: [ ... ]
} )
.then( editor => {
console.log( 'Editor was initialized', editor );
} )
.catch( error => {
console.error( error.stack );
} );
Undo/Redo Support
This feature allows users to undo and redo their actions within the editor. The code sample demonstrates how to include the Undo plugin and add undo/redo buttons to the toolbar in a CKEditor 5 instance.
import Undo from '@ckeditor/ckeditor5-undo/src/undo';
ClassicEditor
.create( document.querySelector( '#editor' ), {
plugins: [ Undo, ... ],
toolbar: [ 'undo', 'redo', ... ]
} )
.then( editor => {
console.log( 'Editor was initialized', editor );
} )
.catch( error => {
console.error( error.stack );
} );
Quill is a modern WYSIWYG editor built for compatibility and extensibility. It offers similar typing and text transformation features, but with a different API and plugin system compared to CKEditor 5.
TinyMCE is another popular rich text editor that provides a wide range of features, including input handling, text transformations, and undo/redo support. It is highly customizable and has a large plugin ecosystem, similar to CKEditor 5.
Draft.js is a JavaScript rich text editor framework, built by Facebook, that allows for extensive customization and control over the editor's behavior. It provides similar functionalities but requires more setup and configuration compared to CKEditor 5.
Readme
This package implements support for typing (inputting and deleting text) in CKEditor 5. It also includes the automatic text transformations (autocorrect) feature that lets you automatically turn predefined snippets into their improved forms.
See the @ckeditor/ckeditor5-typing
package page in CKEditor 5 documentation.
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md
file or https://ckeditor.com/legal/ckeditor-oss-license.
FAQs
Unknown package
We found that @ckeditor/ckeditor5-typing demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.