Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@esri/telemetry
Advanced tools
@esri/telemetry
This is the "core" package for ArcGIS-Telemetry.js. It is necessary for sending data to analytics platforms such as Google, Adobe, and AWS.
Table of Contents
Installation
npm install @esri/telemetry
Usage
import { Telemetry } from '@esri/telemetry';
const telemetry = new Telemetry({
plugins: [list of plugins goes in here]
});
// in server
const scriptTags = telemetry.getScriptTags();
// now inject script tags into html page before sending it down
// in browser
await telemetry.init();
// now it is ready to go
Issues
If something isn't working, please take a look at previously logged issues first. Have you found a new bug? Create an issue here.
Contributing
Esri welcomes contributions from anyone and everyone. Please see our guidelines for contributing.
License
Copyright © 2022 Esri
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
A copy of the license is available in the repository's LICENSE file.
FAQs
A JavaScript Implementation of the ArcGIS Telemetry Specification
The npm package @esri/telemetry receives a total of 1,332 weekly downloads. As such, @esri/telemetry popularity was classified as popular.
We found that @esri/telemetry demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 48 open source maintainers collaborating on the project.
Package last updated on 15 Apr 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025