![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@soedirgo/supabase-js
Advanced tools
Readme
supabase-js
An isomorphic JavaScript client for Supabase.
First of all, you need to install the library:
npm install @supabase/supabase-js
Then you're able to import the library and establish the connection with the database:
import { createClient } from '@supabase/supabase-js'
// Create a single supabase client for interacting with your database
const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key')
You can now use plain <script>
s to import supabase-js from CDNs, like:
<script src="https://cdn.jsdelivr.net/npm/@supabase/supabase-js"></script>
or even:
<script src="https://unpkg.com/@supabase/supabase-js"></script>
Then you can use it from a global supabase
variable:
<script>
const { createClient } = supabase
const _supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key')
console.log('Supabase Instance: ', _supabase)
// ...
</script>
You can now use type="module" <script>
s to import supabase-js from CDNs, like:
<script type="module">
import { createClient } from 'https://cdn.jsdelivr.net/npm/@supabase/supabase-js/+esm'
const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key')
console.log('Supabase Instance: ', supabase)
// ...
</script>
fetch
implementationsupabase-js
uses the cross-fetch
library to make HTTP requests, but an alternative fetch
implementation can be provided as an option. This is most useful in environments where cross-fetch
is not compatible, for instance Cloudflare Workers:
import { createClient } from '@supabase/supabase-js'
// Provide a custom `fetch` implementation as an option
const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key', {
fetch: (...args) => fetch(...args),
})
We are building the features of Firebase using enterprise-grade, open source products. We support existing communities wherever possible, and if the products don’t exist we build them and open source them ourselves. Thanks to these sponsors who are making the OSS ecosystem better for everyone.
FAQs
Unknown package
The npm package @soedirgo/supabase-js receives a total of 16 weekly downloads. As such, @soedirgo/supabase-js popularity was classified as not popular.
We found that @soedirgo/supabase-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.