![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@reach/alert
Advanced tools
Package description
@reach/alert is a React component library that provides accessible alert messages. It helps developers create alerts that are announced by screen readers, ensuring that users with disabilities are informed of important changes or messages on the page.
Basic Alert
This feature allows you to create a basic alert message that will be announced by screen readers. The alert is wrapped in the <Alert> component.
import { Alert } from '@reach/alert';
function App() {
return (
<div>
<Alert>This is an important message!</Alert>
</div>
);
}
Alert with Type
This feature allows you to specify the type of alert. The 'type' prop can be set to 'assertive' or 'polite', which determines how the screen reader will announce the alert.
import { Alert } from '@reach/alert';
function App() {
return (
<div>
<Alert type="assertive">This is an assertive alert!</Alert>
<Alert type="polite">This is a polite alert!</Alert>
</div>
);
}
react-toastify is a popular library for creating toast notifications in React applications. Unlike @reach/alert, it focuses on providing a variety of customizable toast notifications with different styles and animations. However, it also supports accessibility features.
react-aria-live is a library that provides a set of React components to create live regions for accessibility. It allows developers to create polite and assertive live regions, similar to @reach/alert, but with more flexibility in terms of customization and usage.
react-a11y-dialog is a library for creating accessible dialog components in React. While it is primarily focused on dialogs, it also ensures that any important messages within the dialog are accessible to screen readers, similar to the functionality provided by @reach/alert.
Readme
Screen-reader-friendly alert messages. In many apps developers add "alert" messages when network events or other things happen. Users with assistive technologies may not know about the message unless you develop for it.
The Alert component will announce to assistive technologies whatever you render to the screen. If you don't have a screen reader on you won't notice a difference between rendering <Alert>
vs. a <div>
.
function Example(props) {
const [messages, setMessages] = React.useState([]);
return (
<div>
<button
onClick={() => {
setMessages(prevMessages =>
prevMessages.concat([`Message #${prevMessages.length + 1}`])
);
setTimeout(() => {
setMessages(prevMessages => prevMessages.slice(1));
}, 5000);
}}
>
Add a message
</button>
<div>
{messages.map((message, index) => (
<Alert key={index}>{message}</Alert>
))}
</div>
</div>
);
}
FAQs
Unknown package
The npm package @reach/alert receives a total of 76,475 weekly downloads. As such, @reach/alert popularity was classified as popular.
We found that @reach/alert demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.