
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@colophon/github-client
Advanced tools
Discover and parse Colophon files in your GitHub repositories.
npm install --save @colophon/github-client
Use the exposed methods to:
getAuthedClient
(see options here).getAuthToken
. This token can be stored and then used to simplify consequent requests.getColophonData
. If not passing any options, the user's personal repositories will be parsed with the default options (perPage - 100, concurrency - 10).const { getAuthedClient, getAuthToken, getColophonData } = require('./index.js')
const authedClient = getAuthedClient({ type: 'basic', username: 'username', password: 'password' })
const token = await getAuthToken(authedClient) // not using 2FA OR
const token = await getAuthToken(authedClient, otpCode) // if 2FA is on and using a CLI to get the OTP code from the user
const colophonData = await getColophonData(authedClient, { org: 'acme', perPage: 100, concurrency: 5 })
See more details about Colophon schema here.
License: ISC • Copyright: Colophon Project
FAQs
@colophon/github-client
The npm package @colophon/github-client receives a total of 2 weekly downloads. As such, @colophon/github-client popularity was classified as not popular.
We found that @colophon/github-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.