Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@qihoo/fx-mp
Advanced tools
分析接入小程序,主要用于自定义数据收集,帮助开发者、运营人员数据分析,进行小程序优化。
需要小程序开发者修改项目脚本,以编程方式配置。
需要安装npm包,命令如下:
npm install @qihoo/fx-mp
建议在项目中的 app.js 文件中引入
import mp from "@qihoo/fx-mp"
脚本会自动运行,自定义行为的触发,请按后面说明进行使用。
自定义事件分析支持灵活多维和近实时的用户行为分析,可以通过自定义事件触发进行上报,对用户在小程序内的行为做精细化跟踪。目前支持注册、表单类、付款事件。
注册 在注册成功的回调中调用下面代码,即可发送注册成功的打点
代码如下:
_qha.register({
eid: '' /*用户id, 必填项*/
})
表单 在表单中提交后的回调中调用下面代码,即可发送提交成功的打点
代码如下:
_qha.form({
eid: xx /*转化id, 必填项*/
})
付款 在付款成功后的回调中调用下面代码,即可发送付款成功的打点
代码如下:
_qha.payment({
eid: xx, /*转化id, 必填项*/
pymny: xx, /*支付金额, 必填项*/
ptype: 1 /*类型:1小游戏,2网页, 必填项*/
})
自定义点击主要针对页面中某些按钮,区域的点击量进行数据采集,便于开发者、运营人员进行数据分析。
_qha是全局变量,通过npm包的引入而创建,所以自定义点击的声明不得早于代码的执行。建议在app.js中onReady中声明,或者在target页面中的onReady中声明。
代码如下:
_qha.setClickTarget({
id: 'Target的ID', /*必填项, string*/
name: '自定义事件名称' /* 必填项,主要用于数据分析,查看其转化数据*/
})
对于页面中的下载按钮的点击次数的收集,例如下载按钮的id是download,事件名称定为下载转化,示例如下
_qha.setClickTarget({ id: 'download', name: '下载转化' })
FAQs
fenxi for 360 small program
The npm package @qihoo/fx-mp receives a total of 0 weekly downloads. As such, @qihoo/fx-mp popularity was classified as not popular.
We found that @qihoo/fx-mp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.