Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@opentermsarchive/engine
Advanced tools
Tracks and makes visible changes to the terms of online services
This codebase is a Node.js module enabling downloading, archiving and publishing versions of documents obtained online. It can be used independently from the Open Terms Archive ecosystem. For a high-level overview of Open Terms Archive’s wider goals and processes, please read its public homepage.
For documentation, visit docs.opentermsarchive.org
To contribute to the Open Terms Archive Engine, please refer to the contributing guidelines before submitting pull requests. Bugs can be reported or features requested by opening an issue.
The code for this software is distributed under the European Union Public Licence (EUPL) v1.2. In short, this means you are allowed to read, use, modify and redistribute this source code, as long as you as you credit “Open Terms Archive Contributors” and make available any change you make to it under similar conditions.
Contact the core team over email at contact@[project name without spaces].org
if you have any specific need or question regarding licensing.
4.0.0 - 2024-12-04
Full changeset and discussions: #1123.
Development of this release was supported by the French Ministry for Foreign Affairs through its ministerial State Startups incubator under the aegis of the Ambassador for Digital Affairs.
@opentermsarchive/engine.services.declarationsPath
with @opentermsarchive/engine.collectionPath
; ensure your declarations are located in ./declarations
in your collection folderFAQs
Tracks and makes visible changes to the terms of online services
The npm package @opentermsarchive/engine receives a total of 261 weekly downloads. As such, @opentermsarchive/engine popularity was classified as not popular.
We found that @opentermsarchive/engine demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.