Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@paxperscientiam/generate-phaser3-filepack
Advanced tools
Readme
This project is still a work in progress. I have intentionally designed this script to not write a file. Users can produce a file through output re-direction.
This script serves Phaser 3 developers who manage their assets with Phaser's PackFile loader. It's meant to take the load off of manually maintaining a PackFile, which becomes tedious once one is dealing with lots of assets. The product of this script is meant to adhere to the form defined in framework definition.
Generates a Pack File based on organization of asset files, using a configuration file to shape output.
This script requires a configuration file following the following structure:
{
"ignoredPaths"?: string|string[] // string ready to be converted to RegEx
"extensions"?: string // optional comma-separated list of allowed file extensions, default action is not to filter by extension
"options":? {
"keyFormat"?: "namespaced"|"filebasename" ,
"outputDuplicateKeyWarning"?: boolean
"applyProAssetKeyPrefix"?: boolean
"removeBaseDirFromURL"?: boolean
},
"targets": [
{
"key": string // unique key to describe set of targeted files
"basePath": string // which directory to search
"hint"?: ["audio"|"image"|"bitmapFont"] // optionally assert asset type
"extensions"?: string // comma separated list of allowed file extensions, takes precedence over higher-level definition
"ignoredPaths"?: string|string[] // string ready to be converted to RegEx
},
{
// additional targets
}
]
}
This script processes targets sequentially. What this means is that files found in the first target folder will not be processed a second time, even if included in the second target. This prevents double-processing, which is useful if higher-ranked target is type-hinted.
For assets that are not automatically inferred, you'll probably want to take advantage of hint options.
npx @paxperscientiam/generate-phaser3-filepack <configfile.json>
Example of invocation and saving (careful not overwrite unintentionally):
npx @paxperscientiam/generate-phaser3-filepack config.json > filepack.json
This script does NOT write anything to file; it's up to you to do so.
If you set a "hint", it's assumed accurate.
asBlob
and noAudio
in post-processing.FAQs
[Phaser 3](https://github.com/photonstorm/phaser) Pack File Generator ------
We found that @paxperscientiam/generate-phaser3-filepack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.