Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@datalens-tech/xlsx
Advanced tools
Since the authors of the original package left GitHub and npm that makes most of the community unable to access their package without vulnerabilities, https://github.com/e965 decided to make this project. It automatically takes a fresh version of SheetJS from their git repository, and publishes to npm if the version is different. The whole process is automated and works through Github Actions.
Why fork?
We created fork of original repository, because we want to control integrity of published libraries.
The SheetJS Community Edition offers battle-tested open-source solutions for extracting useful data from almost any complex spreadsheet and generating new spreadsheets that will work with legacy and modern software alike.
SheetJS Pro offers solutions beyond data processing: Edit complex templates with ease; let out your inner Picasso with styling; make custom sheets with images/graphs/PivotTables; evaluate formula expressions and port calculations to web apps; automate common spreadsheet tasks, and much more!
https://oss.sheetjs.com/notes/: File Format Notes
ssf
: Format data using ECMA-376 spreadsheet format codes
xlsx-cli
: NodeJS command-line tool for processing files
cfb
: Container (OLE/ZIP) file
processing library
codepage
: Legacy text
encodings for XLS and other legacy spreadsheet formats
dta
: Stata DTA file processor
test_files
: Test files and various
plaintext baselines.
Please consult the attached LICENSE file for details. All rights not explicitly granted by the Apache 2.0 License are reserved by the Original Author.
FAQs
SheetJS Spreadsheet data parser and writer
The npm package @datalens-tech/xlsx receives a total of 646 weekly downloads. As such, @datalens-tech/xlsx popularity was classified as not popular.
We found that @datalens-tech/xlsx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.