
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@openhps/web-bluetooth
Advanced tools

If you have npm installed, start using @openhps/web-bluetooth with the following command.
npm install @openhps/web-bluetooth --save
The framework is open source and is mainly developed by PhD Student Maxim Van de Wynckel as part of his research towards Hybrid Positioning and Implicit Human-Computer Interaction under the supervision of Prof. Dr. Beat Signer.
Use of OpenHPS, contributions and feedback is highly appreciated. Please read our contributing guidelines for more information.
Copyright (C) 2019-2023 Maxim Van de Wynckel & Vrije Universiteit Brussel
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
Open Hybrid Positioning System - Web Bluetooth Scanning API
The npm package @openhps/web-bluetooth receives a total of 10 weekly downloads. As such, @openhps/web-bluetooth popularity was classified as not popular.
We found that @openhps/web-bluetooth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.