
@grafana/levitate
A tool for helping to understand APIs exported and consumed by NPM packages (or any TypeScript code).
Compare exports of different package versions
    # Compare exports of different versions of a package
    npx @grafana/levitate compare \
      --prev @grafana/ui@8.2.5 \
      --current @grafana/ui@canary
List imports
    # List the imports used by a program
    npx @grafana/levitate list-imports \
      --path <PATH-TO-A-PACKAGE>/module.ts \
      --filters "@common/pages" "@grafana/data" \
      --verbose
List exports
    # List the exports of a compiled package
    npx @grafana/levitate list-exports \
      --path <PATH-TO-A-PACKAGE>/index.d.ts
Check compatibility between a module and a package
Use is-compatible to check whether code that uses a specific version of a package (e.g. @grafana/data@9.0.0) is compatible with another version of the same package (e.g. @grafana/data@9.0.5).
    # Check if the current module.ts usage of @grafana/data is
    # compatible with the latest version of it
    npx @grafana/levitate is-compatible \
      --path <PATH-TO-A-PACKAGE>/module.ts \
      --target "@grafana/data@latest"
To ignore changes (add, change, remove) from specific export names you can create a .levignore.js
file in the same directory where you invoke levitate.
The format of this file should be as follows:
    module.exports = {
      removals: [
        // each entry is a regex
        /Sample\.ignoreThisOne/,
        /Sample\.ignoreThisOneToo/,
        /Sample.*\b/,
        'Sample.ignoreThisOneToo', // strings are converted to a regex that matches exactly
      ],
      changes: [
        //...
      ],
      additions: [
        //...
      ],
    };
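An added example (not part of the Levitate README or code base) that audits which export names each ignore entry would hide, so an over-broad pattern does not silently mask a breaking removal. It assumes regex entries are tested unanchored against the dotted export name and that strings become exact-match regexes; the export names are constructed for illustration.

```javascript
// Added example (not Levitate's code). Assumption: each entry is tested
// against the dotted export name; strings become anchored exact-match regexes.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

function toMatcher(entry) {
  if (entry instanceof RegExp) {
    // Drop g/y flags so repeated test() calls are not stateful via lastIndex.
    return new RegExp(entry.source, entry.flags.replace(/[gy]/g, ''));
  }
  return new RegExp(`^${escapeRe(entry)}$`);
}

// For each entry, list the export names it would suppress.
function auditIgnoreList(entries, exportNames) {
  return entries.map((entry) => {
    const re = toMatcher(entry);
    return { entry: String(entry), hits: exportNames.filter((n) => re.test(n)) };
  });
}

// Flag entries that hide more than `limit` names: candidates for tightening.
function broadEntries(entries, exportNames, limit = 1) {
  return auditIgnoreList(entries, exportNames)
    .filter((r) => r.hits.length > limit)
    .map((r) => r.entry);
}

// Constructed sample: the removals list from above and hypothetical export names.
const removals = [
  /Sample\.ignoreThisOne/,
  /Sample\.ignoreThisOneToo/,
  /Sample.*\b/,
  'Sample.ignoreThisOneToo',
];
const removedExports = [
  'Sample.ignoreThisOne',
  'Sample.ignoreThisOneToo',
  'Sample.authenticate',
  'OtherSample.validateToken',
  'Widget.render',
];

for (const { entry, hits } of auditIgnoreList(removals, removedExports)) {
  console.log(`${entry} -> ${hits.length} hidden: ${hits.join(', ') || '(none)'}`);
}
console.log('overly broad:', broadEntries(removals, removedExports));
```

Under these assumptions, the unanchored `/Sample.*\b/` entry also hides `OtherSample.validateToken`, while the string entry hides only its exact name.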
Note: the ignore file only applies to the compare and is-compatible commands. It doesn't affect the list-imports or list-exports commands. The .levignore.js file goes in the same directory where you invoke levitate.
If you are interested in contributing to the Levitate project, please read the Contributing guide.
FAQs
We found that @grafana/levitate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 23 open source maintainers collaborating on the project.