@ensuro/extensions
Readme
This package contains several extension / utility contracts to be used with the Ensuro Protocol.
Try running some of the following tasks:
npx hardhat help
npx hardhat test
GAS_REPORT=true npx hardhat test
The objective of this contract is to support the operation of partners that receive the premium money several weeks after the policy was sold. The contract lends the money to pay the premiums while keeping ownership of the policies as collateral. When there is a payout, it retains funds up to the amount needed to cover the debt and releases the remainder to a previously configured address.
This is an implementation of LPManualWhitelist with an additional endpoint that verifies a Quadrata passport before whitelisting a new provider.
The supported roles are:
LP_WHITELIST_ROLE: Can whitelist providers, bypassing Quadrata's check
QUADRATA_WHITELIST_ROLE: Can whitelist providers that have a Quadrata passport with the required attributes
LP_WHITELIST_ADMIN_ROLE: Can change the contract settings and perform upgrades
DEFAULT_ADMIN_ROLE: Can grant roles to addresses
Check out Quadrata's docs for the available attributes.
Check out the method _validateRequiredAttribute for attributes with special validations.
FAQs
We found that @ensuro/extensions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.