Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@openzeppelin/cli
Advanced tools
OpenZeppelin SDK Command-Line Interface (@openzeppelin/cli)
Command-line interface for the OpenZeppelin smart contract platform.
OpenZeppelin SDK is a platform to develop, deploy and operate smart contract projects on Ethereum and every other EVM and eWASM-powered blockchain.
This is the repository for the OpenZeppelin commmand-line interface, the recommended way to use the OpenZeppelin SDK.
Install
First, install Node.js and npm. Then, install the OpenZeppelin SDK running:
npm install --global @openzeppelin/cli
Usage
To start, create a directory for the project and access it:
mkdir my-project
cd my-project
Use npm to create a package.json file:
npm init
And initialize the OpenZeppelin SDK project:
openzeppelin init my-project
Now it is possible to add contracts to the project with the openzeppelin add command,
push these contracts to a blockchain network with openzeppelin push, use
openzeppelin deploy to create instances for these contracts that later can be
upgraded, and many more things.
Run openzeppelin --help for more details about this and all the other functions of
the OpenZeppelin CLI.
The
OpenZeppelin SDK documentation
explains how to use the openzeppelin command-line interface to build a project, to
upgrade contracts and to share packages for other projects to reuse. It also
explains how to operate the project with the OpenZeppelin JavaScript libraries
instead of this openzeppelin command.
Security
If you find a security issue, please contact us at security@openzeppelin.com. We give rewards for reported issues, according to impact and severity.
Maintainers
Contribute
To contribute, join our community channel on Telegram where you can talk to all the OpenZeppelin developers, contributors, partners and users.
You can also follow the recent developments of the project in our blog and Twitter account.
License
MIT © OpenZeppelin
FAQs
Command-line interface for the OpenZeppelin smart contract platform
The npm package @openzeppelin/cli receives a total of 207 weekly downloads. As such, @openzeppelin/cli popularity was classified as not popular.
We found that @openzeppelin/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 13 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025