![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@protobuf-ts/plugin-framework
Advanced tools
Readme
A framework to create protoc plugins in typescript.
The google protocol buffer compiler (protoc) has a plugin system. With a protoc plugin, it is possible to generate code for .proto files in any language, not just the ones supported directly by protoc.
A protoc plugin receives a CodeGeneratorRequest
(a protobuf message)
via stdin and returns a CodeGeneratorResponse
via stdout.
This framework aims to make it as easy as possible to write a protoc plugin in typescript. It has special support for generating typescript code, but can be used to generate code in other languages.
provides a symbol table that can be used to track generated types in any language
has special support for generating typescript code using the typescript compiler API. For example, it has a simple API to import objects from a package, or from the symbol table.
provides a base class for plugins that supports parameters, error handling, supported features and easy setup.
builds a tree of descriptors so that it is trivial to lookup the parent of a nested message, for example.
builds a lookup object to find the descriptor for a given type name
provides a string format object that can print a message field like it was typed by the user.
provides a source code comment lookup that can be used to easily find comments for a given element in a .proto
provides convenience methods to check if a field was declared optional or as a oneof member
descriptor-registry.ts
to see the if it can help you work with the
descriptor protos that the compiler sends you.plugin-base.ts
for a base class that can help with some plumbing.FAQs
Unknown package
We found that @protobuf-ts/plugin-framework demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.