![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@kano/desktop-shell
Advanced tools
Readme
Abstraction layer on top of electron to provide common features in a shell ready to use.
UWP style Titlebar
Classic style titlebar (Windows 10)
Shell
: Use this class to create a new app with a browser window serving content from a local directory
options:
root
, (required) Root of the local directory you want to serve in the browser window.scheme
, Scheme that will be used in the server protocol (Default: shell
)width
, Width of the main window (Default: 800
).height
, Height of the main window (Default: 600
).preload
, path to a preload script (Default: none).titlebar
, Enables the titlebar (Default: true
).uwpTitlebar
, Enables the UWP style titlebar for windows (Default: true
).devMode
, Enables developer mode (DevTool options) (Default: false
).menuTransform
, Function that will receive the shell menu and should return a modified version of it to add custom menu and menu items.windowOptions
, Any option that will be passed down to electron's BrowserWindow
constructor.Methods:
updateMenu()
: Triggers an update of the menu bar.isDevMode()
: Return a boolean. true
if in developer mode false
if not.The following examnple can be run with npm run demo
and the sources are in the app
directory
const { app } = require('electron');
const { Shell, Shellmenu } = require('kano-desktop-shell');
const path = require('path');
const CONTENT_SCHEME = 'my-custom-app';
// Location of the static content to serve. This will be served through a custom protocol
const CONTENT_ROOT = path.join(__dirname, './src');
// Custom menu Item added
ShellMenu.addItem('my-item', { label: 'My Menu Item', click() { console.log('My Menu Item') } });
// Create new Shell with custom options
// Includes automatic window state managment and UWP style titlebar for windows
// Custom preload as module supported
const shell = new Shell({
name: 'My App',
root: CONTENT_ROOT,
scheme: CONTENT_SCHEME,
// Can provide custom width and height
width: 1440,
height: 900,
// Supports preload script
preload: path.join(__dirname, 'preload.js'),
titlebar: true,
// Enable UWP style titlebar
uwpTitlebar: true,
devMode: false,
menu: {
transform(menu) {
const submenu = [ShellMenu.createMenuItem('my-item')];
// Can update when dev mode changes
if (shell.isDevMode()) {
submenu.push(ShellMenu.createMenuItem('separator'));
// Can add custom runtime generated menu items
submenu.push({ label: 'Dev option' });
}
// Inject in list of menus
menu.splice(1, 0, {
label: 'Custom Menu',
submenu,
});
return menu;
},
},
windowOptions: {
icon: path.join(__dirname, 'res/icon_180.png'),
},
// Log options allows to customize logging
log: {
// Default output lod level
level: 'debug',
// File options. Log files are located in the app.getPath('userData') directory
file: {
// Options passed down to bunyan 'rotating-file'
period: '12h',
count: 14,
},
// options applied once devMode is enabled
devMode: {
level: 'debug',
file: {
level: 'debug',
},
}
},
});
app.on('ready', () => {
shell.createWindow();
// Logger can be found here
const { log } = shell;
// The main window is accessible through properties
console.log(shell.window);
});
FAQs
Unknown package
We found that @kano/desktop-shell demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 22 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.