Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@premise/plugin-dynamic-pick-extension
Advanced tools
@premise/plugin-dynamic-pick-extension
Dynamic Data Form Extension (Frontend and Backend Plugins)
dynamic-pick-extension
Welcome to the dynamic-pick-extension plugin! This plugin is a Custom Field Extension that allow you to create <Select> components that fetches data dynamically from an endpoint. This can be used together with the form-data-backend plugin to write custom logic to fill the field.
Installation
Configuration
Add the import to your App.tsx on the frontend package of your backstage instance:
import { DynamicPickFieldExtension } from '@premise/plugin-dynamic-pick-extension';
Then add the imported field extension as a child of ScaffolderFieldExtensions
<ScaffolderFieldExtensions>
<DynamicPickFieldExtension />
</ScaffolderFieldExtensions>
Usage
To use the extension on a Backstage Template Action just add the ui-field and ui-options fields to the parameter
Basic usage:
parameters:
- category:
title: Category
type: string
ui:field: DynamicPickExtension
ui:options:
# IMPORTANT: The endpoint needs to return a JSON array of strings.
external_data: https://dummyjson.com/products/categories
Using the form-data-backend plugin:
parameters:
- team:
title: Github Team to add as admin of the repository
type: string
ui:field: DynamicPickExtension
ui:options:
# This is a provider added on the form-data-backend plugin
form_data: github/teams
Keywords
FAQs
Dynamic Data Form Extension (Frontend and Backend Plugins)
The npm package @premise/plugin-dynamic-pick-extension receives a total of 121 weekly downloads. As such, @premise/plugin-dynamic-pick-extension popularity was classified as not popular.
We found that @premise/plugin-dynamic-pick-extension demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 30 Mar 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025