Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@evokegroup/oauth2
Advanced tools
@evokegroup/oauth2
Library for helping with OAuth 2.0 authorizations
Class: OAuth2
Class: OAuth2.AccessToken
constructor({ authResponse, value = null, expires = 0 })
| Parameter | Type | Default | Description |
|---|---|---|---|
| authResponse | object,string | The authorization response | |
| value | string | null | An existing access token value |
| expires | number | 0 | The expiration date for an existing token |
get value => string
Returns the access token value
get expires => number
Returns the expiration date
get created => number
Returns the date the AccessToken was created
get(parameter = null) => object | string
Get a parameter that was returned with the authorization response or all parameters if null
isExpired() => boolean
toJSON() => object
For JSON.stringify
toObject() => object
static parse(obj) => OAuth2.AccessToken
Parses an AccessToken
Class: OAuth2.Authorizer
Abstract base class for authorization implementations
abstract getAccessToken() => OAuth2.AccessToken
abstract setAccessToken(accessToken)
authorize() => Promise<OAuth2.AccessToken>
Determines if a valid AccessToken exists via getAccessToken and is valid via AccessToken.isExpired and if so resolved the Promise passing in the token. Otherwise authenticate is called.
abstract authenticate() => Promise<OAuth2.AccessToken>
Class: OAuth2.WebTokenAuthorizer extends OAuth2.Authorizer
An OAuth2.Authorizer implementation which makes a web request to retrive the token
constructor(args)
| Parameter | Type | Default | Description |
|---|---|---|---|
| url | string | The authentication server URL | |
| clientId | string | null | The client_id parameter |
| clientSecret | string | null | The client_secret parameter |
| scope | string | null | The scope parameter |
| grantType | string | client_credentials | The grant_type parameter. If for some reason this should not be part of the payload, set it to null. |
| parameters | object | {} | Additional payload parameters. Overrides other data. |
| contentType | string | application/json | The Content-Type request header. |
| headers | object | {} | Additional request headers. Override other data. |
| timeout | number | 30000 | The request timeout in milliseconds |
| cache | boolean | true | If true, the OAuth2.AccessToken created during authentication will be cached and reused while valid |
const OAuth2 = require('@evokegroup/oauth2');
const webTokenAuthorizer = new OAuth2.WebTokenAuthorizer({
url: 'https://api.domain.com/auth/token',
clientId: 'abc',
clientSecret: '123'
});
webTokenAuthorizer.authorize()
.then((accessToken) => {
// do something with the access token
})
FAQs
Helper for OAuth2
We found that @evokegroup/oauth2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 06 Jun 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025