
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
@signalapp/windows-dummy-keystroke
Advanced tools
This package exports `sendDummyKeystroke()`, which will send a generic key down/up event on Windows.
This package exports sendDummyKeystroke()
, which will send a generic key down/up event on Windows.
This is a workaround for an issue with Windows Notifications. Normally you can call the native AllowSetForegroundWindow
method to permit another application to take foreground focus. But when an app is started from a Windows notification activation, this call fails with ERROR_ACCESS_DENIED
. One of a list of conditions has to be met for the call to succeed.
Sending a key press event satisfies this check and lets AllowSetForegroundWindow
succeed.
This is useful for letting a second instance of a program activate the original instance. In Electron, you would call this before calling requestSingleInstanceLock()
, as this can call AllowSetForegroundWindow
for the initial instance.
This workaround was used by Chromium to solve a foreground focus issue, and is adapted here for use with Node.
FAQs
This package exports `sendDummyKeystroke()`, which will send a generic key down/up event on Windows.
We found that @signalapp/windows-dummy-keystroke demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.