@luvio/bundlesize
Readme
This module is based on the bundlesize package, with customizations specific to the checks run on files in the LDS projects.
LDS projects only generate the development versions of their files; this package lets you check the size of a bundle in its development form (none), minified (min), and compressed with brotli (compressed).
npm install @luvio/bundlesize --save-dev
# or
yarn add @luvio/bundlesize --dev
Add it to your scripts in package.json:
"scripts": {
  "test": "luvioBundlesize"
}
luvioBundlesize accepts an array of files to check:
[
  {
    "path": "./build/vendor.js",
    "maxSize": {
      "none": "30 kB",
      "min": "10 kB",
      "compressed": "3 kB"
    }
  },
  {
    "path": "./build/chunk-*.js",
    "maxSize": {
      "none": "10 kB",
      "min": "4 kB",
      "compressed": "2 kB"
    }
  }
]
You can keep this array either in package.json:
{
  "name": "your cool library",
  "version": "1.1.2",
  "luvioBundlesize": [
    {
      "path": "./build/vendor.js",
      "maxSize": {
        "none": "30 kB",
        "min": "10 kB",
        "compressed": "3 kB"
      }
    }
  ]
}
or in a separate file, luvioBundlesize.config.json, with this format:
{
  "files": [
    {
      "path": "./dist.js",
      "maxSize": {
        "compressed": "3 kB"
      }
    }
  ]
}
Fuzzy matching
If the names of your build files are not predictable, you can use a glob pattern to specify them.
This is common if you append a hash to the file name or use a tool like create-react-app or Next.js.
{
  "files": [
    {
      "path": "build/**/main-*.js",
      "maxSize": {
        "compressed": "1 kB"
      }
    },
    {
      "path": "build/**/*.chunk.js",
      "maxSize": {
        "min": "10 kB",
        "compressed": "3 kB"
      }
    }
  ]
}
A pattern matches multiple files if necessary, and a new row is created for each matched file.