@openzeppelin/cli
Readme
Command-line interface for the OpenZeppelin smart contract platform.
OpenZeppelin SDK is a platform to develop, deploy and operate smart contract projects on Ethereum and every other EVM and eWASM-powered blockchain.
This is the repository for the OpenZeppelin command-line interface, the recommended way to use the OpenZeppelin SDK.
First, install Node.js and npm. Then, install the OpenZeppelin SDK by running:
npm install --global @openzeppelin/cli
To start, create a directory for the project and access it:
mkdir my-project
cd my-project
Use `npm` to create a `package.json` file:
npm init
And initialize the OpenZeppelin SDK project:
openzeppelin init my-project
Now it is possible to add contracts to the project with the `openzeppelin add` command, push these contracts to a blockchain network with `openzeppelin push`, use `openzeppelin create` to create instances for these contracts that later can be upgraded, and many more things.
Run `openzeppelin --help` for more details about this and all the other functions of the OpenZeppelin CLI.
The OpenZeppelin SDK documentation explains how to use the `openzeppelin` command-line interface to build a project, to upgrade contracts and to share packages for other projects to reuse. It also explains how to operate the project with the OpenZeppelin JavaScript libraries instead of this `openzeppelin` command.
If you find a security issue, please contact us at security@openzeppelin.com. We give rewards for reported issues, according to impact and severity.
To contribute, join our community channel on Telegram where you can talk to all the OpenZeppelin developers, contributors, partners and users.
You can also follow the recent developments of the project in our blog and Twitter account.
MIT © OpenZeppelin
FAQs
Unknown package
The npm package @openzeppelin/cli receives a total of 384 weekly downloads. As such, @openzeppelin/cli popularity was classified as not popular.
We found that @openzeppelin/cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.