
Security News
/Research
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
@cornflea/react-pcc
Advanced tools
A CLI tool that finds the latest compatible version of any npm package for your project's current React version.
A CLI utility to check which version of a package is compatible with the React version in your project.
@mui/material, @testing-library/react)npm install -g @cornflea/react-pcc
react-pcc <package-name>
--help Show help information--version Show version number--debug Show debug information for troubleshooting# Regular package
react-pcc zustand
# Scoped package
react-pcc @mui/material
# TypeScript types
react-pcc @types/react
# With debug information
react-pcc @emotion/react --debug
This tool fully supports scoped packages (packages starting with @). When using scoped packages:
@scope/package-name"@mui/material"If you encounter issues with scoped packages, try these troubleshooting steps:
Use quotes around the package name:
react-pcc "@mui/material"
Check for typos in the scope or package name:
# ❌ Incorrect
react-pcc @mui
# ✅ Correct
react-pcc @mui/material
Use debug mode to see what's being processed:
react-pcc @mui/material --debug
Verify the package exists on npm:
Visit https://www.npmjs.com/package/@scope/package-name to confirm the package exists.
package.json to find the React versionpeerDependenciesThis project is built with TypeScript and includes modern development tooling.
git clone https://github.com/cornflea/react-pcc.git
cd react-pcc
npm install
# Build once
npm run build
# Build and watch for changes
npm run build:watch
npm test
# Build and test the CLI locally
npm run build
node dist/index.js <package-name>
This package uses GitHub Actions for automated CI/CD:
Continuous Integration: Runs on every push and pull request
Automated Publishing: Publishes to npm when a GitHub release is created
NPM_TOKEN secret to be set in GitHub repository settingsnpm run prepublishOnly # Cleans and builds
npm publish
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate and ensure TypeScript compilation passes.
MIT
FAQs
A CLI tool that finds the latest compatible version of any npm package for your project's current React version.
The npm package @cornflea/react-pcc receives a total of 3 weekly downloads. As such, @cornflea/react-pcc popularity was classified as not popular.
We found that @cornflea/react-pcc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.