
@contrast/patcher
Advanced monkey patching--registers hooks to run in and around functions
@contrast/patcher
Monkey patching.
This was ported directly from the node-agent, but with the code for every dependency commented out. As a result, it does not have full parity with the original.
Removed dependency on AsyncStorage.
Old Behavior
Pre and post hooks only run when async storage context indicates an active request scope.
New Behavior
Hooks always run, independent of request scope.
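The Old/New difference above, sketched as an added example. This is not code from @contrast/patcher or the node-agent; `patch`, `requestScope` and `gateOnRequestScope` are hypothetical names, and the request scope is assumed to behave like Node's `AsyncLocalStorage`.

```javascript
// Added illustration only: NOT the @contrast/patcher API. All names are hypothetical.
const { AsyncLocalStorage } = require('node:async_hooks');

// Assumption: the request scope is modelled with Node's AsyncLocalStorage.
const requestScope = new AsyncLocalStorage();

// Replace obj[name] with a wrapper that runs pre/post hooks around the original.
// gateOnRequestScope = true models "Old Behavior"; false models "New Behavior".
function patch(obj, name, { pre, post, gateOnRequestScope = false }) {
  const original = obj[name];
  if (typeof original !== 'function') {
    throw new TypeError(`${name} is not a function`);
  }
  obj[name] = function patched(...args) {
    const inRequest = requestScope.getStore() !== undefined;
    if (gateOnRequestScope && !inRequest) {
      return original.apply(this, args); // hooks skipped outside a request
    }
    if (pre) pre({ name, args });
    const result = original.apply(this, args); // a throw propagates; post is skipped
    if (post) post({ name, args, result });
    return result;
  };
  return () => { obj[name] = original; }; // restore the original function
}

// Constructed sample target: one call at startup, one inside a request scope.
function runDemo(gateOnRequestScope) {
  const events = [];
  const db = { query: (sql) => `rows for ${sql}` };
  const unpatch = patch(db, 'query', {
    gateOnRequestScope,
    pre: ({ args }) => events.push(`pre:${args[0]}`),
    post: ({ args }) => events.push(`post:${args[0]}`),
  });
  db.query('startup');
  requestScope.run({ requestId: 1 }, () => db.query('request'));
  unpatch();
  db.query('after-unpatch'); // no hooks: the original is back in place
  return events;
}

console.log('old:', runDemo(true));
console.log('new:', runDemo(false));
```

With gating off, the hooks also fire for the call made outside any request, so hook code written for the ungated behavior cannot assume a request context is present.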
Removed dependency on agent and perf-logger.
Old Behavior
A configuration setting would allow for logging of perf data of hooks and original function calls.
New Behavior
Performance logging of hooks is non-functional.
Removed the dependency on scopes.
Old Behavior
One could specify a scope in the hook options and the original function would be run in that scope. This allowed control over when to run instrumentation based on the current scope value.
Also, the alwaysRun option forced hooks to run independent of scope state.
New Behavior
There are no notions of scopes yet in v5. Patcher instrumentation always runs.
The scope and alwaysRun options are effectively ignored.
Removed the dependency on tracker.
Old Behavior
We used to short-circuit the __add function if the tracker showed all arguments to be untracked.
New Behavior
We do not make this check; no short-circuiting.
We found that @contrast/patcher demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.