Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@misk/common
Advanced tools
This package provides shared libraries, externals, and styles across Misk tab repos.
$ yarn add @misk/common
@misk/dev
, vendors.js
and styles.js
will automatically be included in the build of that repo.@misk/dev
, use the Manual Inclusion steps below.copy-webpack-plugin
to copy the compiled vendor.js
and styles.js
files into build folder.
Install copy-webpack-plugin
npm i -D copy-webpack-plugin
Add the following to your webpack.config.js
const CopyWebpackPlugin = require('copy-webpack-plugin');
...
module.exports = {
mode
entry
...
plugins: [
new CopyWebpackPlugin(
[{ from: './node_modules/@misk/common/lib' }],
{ debug: 'info', copyUnmodified: true }
)
],
}
Add the following to your index.html
to import styles.js
and vendors.js
<body>
...
<!-- Misk Common Libraries -->
<script type="text/javascript" src="js/styles.js" async></script>
<script type="text/javascript" src="js/vendors.js" preload></script>
<!-- Other JS -->
</body>
From package.json
:
@blueprintjs/core
@blueprintjs/icons
axios
connected-react-router
dayjs
history
immutable
react
react-dom
react-helmet
react-hot-loader
react-redux
react-router
react-router-dom
react-router-redux
react-transition-group
redux
redux-saga
skeleton-css
styled-components
import '../node_modules/@blueprintjs/core/lib/css/blueprint.css'
import '../node_modules/normalize.css/normalize.css'
import '../node_modules/skeleton-css/css/skeleton.css'
import './styles/misk-common.css'
#Adding a new package
yarn add {package}
to add the package to package.json
vendorExternals
in @misk/dev/externals.js
src/vendors.js
README.md
with a copy of the updated package.json
list of packages#Adding a Cached Remote Asset
vendors.js
or styles.js
package.json
under the metadata key "miskCachedUrls"
with the format as follows
"miskCachedUrls": {
"taskname": {
"filepath": "font.css",
"url": "https://url.com/fonts/font.css"
},
"taskname2": {...}
}
taskname
: string description of the remote assetfilepath
: filepath within @misk/common/cachedUrls/
to which the url will be downloadedurl
: valid url that within a browser downloads or presents the desired fileyarn run refresh
initiates the download of all declared "miskCachedUrls"
using code in ./refreshCachedUrls.js
webpack.config.js
: Exports common variables and functionswebpack.static.config.js
: Exports common styles filewebpack.vendor.config.js
: Exports common vendors library fileFAQs
Misk-Web Common Libraries, Styles
The npm package @misk/common receives a total of 535 weekly downloads. As such, @misk/common popularity was classified as not popular.
We found that @misk/common demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.