Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@entropyxyz/x25519-chacha20poly1305-web
Advanced tools
WARNING: This code has not been audited and is not yet suitable for production. Use at your own risk.
NOTE: make sure you have your C archiver and compiler env vars set, or
secp256k1-sys
will fail to builde.g.
AR=/opt/homebrew/opt/llvm/bin/llvm-ar
CC=/opt/homebrew/opt/llvm/bin/clang
Nodejs package for x25519 key exchange and chacha20poly1305 encryption, written in Rust compiled to WASM.
See example/ci-test.sh
for example of how to install both rust and javascript dependencies.
Compile a nodejs/wasm library from the Rust source.
make
Link the nodejs/wasm library locally.
make link
After compiling and linking, run:
ts-node example/test.ts
links to packages on npm:
make build-nodejs
./pkg/package.json
for the desired platform -nodejs
and add the @entropyxyz
org name, eg: "name": "@entropyxyz/x25519-chacha20poly1305-nodejs"
npm publish
web
and bundler
with eg: make build-web
and then change the package names again in package.json before re-publishing.FAQs
x25519 & chacha20poly1305
We found that @entropyxyz/x25519-chacha20poly1305-web demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.