Research
/Security News
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
By Socket Research Team - Jun 26, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@spoonly/mskr
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
Mskr
Instant image privacy masking from your terminal.
Installation
npm install -g @spoonly/mskr
# or using pnpm
pnpm install -g @spoonly/mskr
Usage
Mskr uses AI vision models to detect and mask sensitive information (names, phone numbers, etc.) in your images.
Quick Start
-
Configure your API Key:
mskr config set apiKey your_openai_api_key -
Mask an image:
mskr input.jpgThis will create
input-masked.jpgby default. You can also usemskr start input.jpg.
Configuration
Manage your persistent settings to avoid repetitive typing.
# Interactive configuration menu
mskr config
# Direct set/get
mskr config set apiKey your_openai_api_key
mskr config set prompt "Find {targets} in the image and return coords [[x1,y1,x2,y2]]"
mskr config list
Commands
| Command | Description |
|---|---|
mskr [input] | Detects and masks sensitive info in the image (default). |
mskr start [input] | Alias for masking (useful if filename conflicts with subcommands). |
mskr config [action] | Manages configuration (apiKey, baseUrl, model, targets, prompt). |
Masking Options
| Option | Description |
|---|---|
-o, --output <path> | Specify the output image path. |
-t, --targets <list> | Custom targets to mask (e.g., "id card, address"). |
--prompt <template> | Custom prompt template (use {targets} placeholder). |
--api-key <key> | Override stored API key. |
--base-url <url> | Override stored Base URL. |
--model <model> | Override stored Vision model. |
Global Options
| Option | Description |
|---|---|
--debug | Enters debug mode, enabling detailed background logging utilizing consola. |
-h, --help | Display full global help usage and command lists. |
-v, --version | Display the currently installed version dynamically. |
Note for Developers
This starter recommands using npm Trusted Publisher, where the release is done on CI to ensure the security of the packages.
To do so, you need to run pnpm publish manually for the very first time to create the package on npm, and then go to https://www.npmjs.com/package/@spoonly/mskr/access to set the connection to your GitHub repo.
Then for the future releases, you can run pnpm run release to do the release and the GitHub Actions will take care of the release process.
License
FAQs
Instant image privacy masking from your terminal.
We found that @spoonly/mskr demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Apr 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase
Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
By Sarah Gooding - Jun 26, 2026
Security News
/Research
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
By Socket Research Team - Jun 25, 2026