
Research
/Security News
10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.
@replit/codemirror-vim
Advanced tools
npm i @replit/codemirror-vim
import { basicSetup, EditorView } from 'codemirror';
import { vim } from "@replit/codemirror-vim"
let view = new EditorView({
doc: "",
extensions: [
// make sure vim is included before other keymaps
vim(),
// include the default keymap and all other keymaps you want to use in insert mode
basicSetup,
],
parent: document.querySelector('#editor'),
})
Note: if you are not using
basicSetup, make sure you include the drawSelection plugin to correctly render the selection in visual mode.
The same api that could be used in previous version of codemirror https://codemirror.net/doc/manual.html#vimapi, can be used with this plugin too, just replace the old editor instance with view.cm in your code
import {Vim, getCM} from "@replit/codemirror-vim"
let cm = getCM(view)
// use cm to access the old cm5 api
Vim.exitInsertMode(cm)
Vim.handleKey(cm, "<Esc>")
Vim.defineEx('write', 'w', function() {
// save the file
});
Vim.map("jj", "<Esc>", "insert"); // in insert mode
Vim.map("Y", "y$"); // in normal mode
Vim.unmap("jj", "insert");
defaultKeymap.push({ keys: 'gq', type: 'operator', operator: 'hardWrap' });
Vim.defineOperator("hardWrap", function(cm, operatorArgs, ranges, oldAnchor, newHead) {
// make changes and return new cursor position
});
This plugin was originally authored by @mightyguava (Yunchi Luo) as part of CodeMirror, before being extracted and maintained here.
FAQs
Vim keybindings for CodeMirror 6
The npm package @replit/codemirror-vim receives a total of 24,276 weekly downloads. As such, @replit/codemirror-vim popularity was classified as popular.
We found that @replit/codemirror-vim demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 22 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.

Product
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.

Security News
Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.