@condenast/cross-check-dsl
A low-level validation library, built on top of @condenast/cross-check. Detailed philosophy about cross-check can be found in @condenast/cross-check.
It was originally extracted from Condé Nast's CMS and sponsored by Condé Nast.
It's largely focused on building a small, flexible, but useful core primitive for composing validations. This library focuses on ensuring that validators can be composed easily in various useful ways. The composition goals were informed by Condé Nast's working system, since the first iteration of this library successfully replaced existing validators in its production system.
The short version of the philosophy of cross-check:
The @condenast/cross-check repository unpacks these points in much greater detail.
npm install
npm test
cross-check was originally extracted from Condé Nast's CMS, and the work to extract it and release it as open source was funded by Condé Nast.
FAQs
A DSL for building validations.
The npm package @condenast/cross-check-dsl receives a total of 140 weekly downloads. As such, its popularity was classified as not popular.
We found that @condenast/cross-check-dsl demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 354 open source maintainers collaborating on the project.