Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@pnpm/link-bins
Package description
@pnpm/link-bins is a utility package that helps in linking binaries from node_modules/.bin to a specified directory. This is particularly useful in monorepos or when working with multiple packages that need to share executables.
Linking Binaries
This feature allows you to link all binaries from the node_modules/.bin directory to a specified destination directory. This is useful for making executables available in a consistent location.
```js
const { linkBins } = require('@pnpm/link-bins');
const path = require('path');

// The first argument is the modules directory whose packages' bins are linked
// (the README usage passes 'node_modules'); the second is the destination.
const modulesDir = path.join(__dirname, 'node_modules');
const destDir = path.join(__dirname, 'bin');

linkBins(modulesDir, destDir).then(() => {
  console.log('Binaries linked successfully');
}).catch(err => {
  console.error('Error linking binaries:', err);
});
```
symlink-dir is a package that creates symbolic links for directories. While it can be used to link binaries, it is more general-purpose and not specifically designed for linking node_modules/.bin executables.
npm-link is a built-in npm command that allows you to symlink a package folder. It is useful for local development but does not specifically focus on linking binaries from node_modules/.bin.
yarn link is a command provided by Yarn that allows you to symlink a package for local development. Similar to npm-link, it is not specifically designed for linking binaries from node_modules/.bin.
Readme
Link bins to node_modules/.bin
```sh
npm i -S @pnpm/logger @pnpm/link-bins
```

```js
import linkBins, {linkBinsOfPackages} from '@pnpm/link-bins'

await linkBins('node_modules', 'node_modules/.bin')

const packages = [{manifest: packageJson, location: pathToPackage}]
await linkBinsOfPackages(packages, 'node_modules/.bin')
```
FAQs
We found that @pnpm/link-bins demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.