Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@cremadesign/captcha
Advanced tools
Readme
I began developing this plugin in 2013 with a simple goal in mind: block spam without annoying users. Your clients don't want to decipher garbled words or play "Find the Storefront". They just want a simple contact form that works. Over several years, this project evolved from a disjointed medly of basic functions into a customizable pure javascript plugin with advanced captcha filters.
Crema Captcha's build process requires NPM, Rollup, and a few plugins. This open-source setup allows us to write newer javascript with modern ES6 features such as import statements and tree-shaking unused functions. Rollup compiles everything to the dist/
directory using the following NPM plugins:
src/index.js
is the main entry point for the JS compile script. So be sure to start there.
The compiled JS plus its sourcemap is written to the dist/
directory.
To compile your JS (excl. minification) whenever you make a change to a JS file. This will automatically compile changes to our captcha at captcha.test, but will not be added to Cremastrap.
yarn watch
To compile your JS for production (incl. minification), run:
yarn build
Adding it to a website is easy. See the init instructions on the official site: https://captcha.cremadesignstudio.com/
My build process was heavily inspired by three different build scripts:
FAQs
This modular javascript plugin inserts a checkbox captcha into the specified form and checks the honeypot, checkbox, and required fields on every field change. If valid, it enables the submit button, adds a form method, and inserts the provided form actio
We found that @cremadesign/captcha demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.