Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@evolv-delivery/emitter
Advanced tools
@evolv-delivery/emitter
(Deprecated) Provides mechanism to generate events outside of an experiment
Emitter
Deprecated
This package is being deprected and is no longer supported. Please use https://www.npmjs.com/package/@evolv-delivery/metrics for any event processing.
Setup in the Evolv Manager
Adding an integration to the Evolv Manager
Structure of json config
The top level key is pages that contains an array of page matches that events may occur in. Each of these pages contains filters and events.
filters
The filters contains an array of conditionals. Each of these conditionals must be met on a page before the given events are monitor. The conditionals are based on the Evolv audience/context and will be reevaluated when those values are updated.
- key - the context/audience attribute that is being matched against
- value - a regex that satisfies for the key
events
The events contains an array containing all possible events that may occur on a given page. Each object in the array needs to contain tag, activate, and a optional monitor.
tag
The tag is a string that rerpesents the event tag value that is sent to Evolv when the requirements within the activate are met.
activate
The activatecontains an object specifying under what circumstances the event should occur. It contains the following two key value pairs:
- on - specifies the event type to activate based on
- selectors - needed to specify the dom elements for any non
page-loadevents.
monitor
The monitor will be depricated in the future, but it currently requires the following json for non page-load events:
"monitor": {
"type": "observer",
"selectors":[]
},
Example
The following shows examples of each of the options available.
{"pages": [
{
"filters": [
{
"key": "web.url":
"value": "/products",
},
{
"key": "pageName",
"value": "gridwall"
}
]
"events": [
{
"tag": "gridwall.page-load",
"activate": {
"on": "pageload",
}
},
{
"tag": "gridwall-cta-all",
"activate": {
"on": "click",
"selector": "[class*='Tile'], [href*='bring-your-own-device']"
},
"monitor": {
"type": "observer",
"selectors":[]
}
}
]
}
]
}
Keywords
FAQs
(Deprecated) Provides mechanism to generate events outside of an experiment
The npm package @evolv-delivery/emitter receives a total of 0 weekly downloads. As such, @evolv-delivery/emitter popularity was classified as not popular.
We found that @evolv-delivery/emitter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 17 Jul 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025