
Research
/Security News
10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.
@cosmjs/math
Advanced tools
This package is part of the cosmjs repository, licensed under the Apache License 2.0 (see NOTICE and LICENSE).
decimal.js is a library for arbitrary-precision decimal arithmetic. It offers similar functionality to @cosmjs/math's Decimal class, providing precise control over decimal calculations. It is more feature-rich in terms of configuration options and supports a wider range of mathematical functions.
big.js is another library for arbitrary-precision decimal arithmetic. It is lightweight and focuses on providing basic arithmetic operations with high precision, similar to @cosmjs/math's Decimal class. It is less feature-rich than decimal.js but is smaller in size, making it suitable for environments where bundle size is a concern.
bignumber.js provides a comprehensive set of functions for working with large numbers, including support for both integer and decimal arithmetic. It is similar to @cosmjs/math in its ability to handle large numbers but offers more extensive functionality and configuration options.
FAQs
Math helpers for blockchain projects
The npm package @cosmjs/math receives a total of 213,754 weekly downloads. As such, @cosmjs/math popularity was classified as popular.
We found that @cosmjs/math demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.

Product
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.

Security News
Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.