Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@nexeraid/merkle-tree-js
Advanced tools
npm install @nexeraid/js-sdk
/**
* Create an API client and authenticate with your API key
*/
const apiClient = createApiClient({
apiKey: API_KEY,
});
If you already have your own authentication system, you can create a user session like so:
/*
* Get access token
* This has to be done from secured server, to avoid leaking API_KEY
*/
const sessionRes = await apiClient.createSession({
/**
* The workflow id that this session will be bound to.
* You can find this id in nexera's dashboard.
*/
workflowId: WORKFLOW_ID,
/**
* The unique identifier to associate this used to.
* This id is used to differenciate users on Nexera and will be
* given back to you on every webhook we send.
*/
externalUserId: "35194",
});
Please find below an example endpoint using express:
const apiClient = createApiClient({
apiKey: API_KEY,
});
app.get('/my-nexera-auth', (req, res) => {
const userId = req.userId;
const authSession = await apiClient.createSession({
workflowId: WORKFLOW_ID,
externalUserId: userId,
});
res.json(authSession);
});
TODO
FAQs
NexeraID Merkle Tree JS
The npm package @nexeraid/merkle-tree-js receives a total of 7 weekly downloads. As such, @nexeraid/merkle-tree-js popularity was classified as not popular.
We found that @nexeraid/merkle-tree-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.