@streamr/cdn-location
Changelog
[100.2.4] - 2024-05-06
Readme
CDN-location is a small package that provides a way to detect the very rough location of the computer running the code (at the granularity of the IATA airport code of the CDN server serving the computer). Location data of this accuracy is useful, for example, in building location-aware P2P networks where the location data can be used to optimize the network topology.
The location is detected using the IATA code returned in the HTTP response headers of:
The three services are queried in this order, and the first non-empty IATA code returned is used as the approximate location of the user.
CDN-location also provides a mapping from the IATA airport codes in use by Amazon, Fastly and Cloudflare to a numeric region number. The region numbers have been chosen according to a solution to the travelling salesman problem (TSP) of finding the shortest paths between the IATA airports, and by clustering the solution by country to ensure that airports in a single country receive consecutive region numbers. These numeric region numbers can be used to ensure that users from nearby regions are also near each other in the ID space of a P2P network.
npm install @streamr/cdn-location
```typescript
import { getLocalRegion, getLocalAirportCode } from '@streamr/cdn-location'

(async () => {
    // Returns the region number (ending with '00') of the detected
    // local CDN point of presence.
    // If the local airport code cannot be fetched from
    // the CDN services, returns a random region number ending
    // with '99' that is within the range of the
    // region numbers in the file airportCodeToRegion.ts.
    const regionNumber: number = await getLocalRegion()

    // Returns the IATA code of the local CDN point of
    // presence or undefined if the local airport code
    // cannot be fetched from the CDN services.
    const airportCode: string|undefined = await getLocalAirportCode()
})()
```
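The lookup and fallback described above can be sketched offline as follows. This is an added example, not code from @streamr/cdn-location: the header names and value formats, the sample region numbers, the fallback arithmetic and the choice to skip codes missing from the table are all assumptions. Because the code comes from remote response headers, it is validated strictly before being used as a lookup key.

```typescript
// Added example. Header names and value formats are assumptions about typical
// CDN responses, not taken from the @streamr/cdn-location source.
type HeaderMap = Record<string, string | undefined>   // keys lower-cased

const IATA_CODE = /^[A-Z]{3}$/

// One extractor per CDN header; each returns an unvalidated candidate.
const extractors: Array<(h: HeaderMap) => string | undefined> = [
    (h) => h['x-amz-cf-pop']?.slice(0, 3),          // "HEL50-C1"
    (h) => h['x-served-by']?.split('-').pop(),      // "cache-hel1410021-HEL"
    (h) => h['cf-ray']?.split('-').pop()            // "8a1b2c3d4e5f6789-HEL"
]

// Response headers are remote-controlled input: accept exactly three
// upper-case letters and nothing else.
function parseIata(headers: HeaderMap): string | undefined {
    for (const extract of extractors) {
        const candidate = extract(headers)
        if (candidate !== undefined && IATA_CODE.test(candidate)) return candidate
    }
    return undefined
}

// Constructed sample table (not the package's real region numbers).
const sampleRegions: Record<string, number> = { HEL: 1200, ARN: 1300, FRA: 1400 }

// First response that yields a known code wins; otherwise return a random
// region ending in 99 inside the table's range (assumed fallback rule).
function regionFor(responses: HeaderMap[], regions: Record<string, number>,
                   rand: () => number = Math.random): number {
    for (const headers of responses) {
        const code = parseIata(headers)
        if (code !== undefined && Object.prototype.hasOwnProperty.call(regions, code)) {
            return regions[code]
        }
    }
    const values = Object.keys(regions).map((k) => regions[k])
    const lo = Math.min(...values) / 100
    const hi = Math.max(...values) / 100
    return (lo + Math.floor(rand() * (hi - lo))) * 100 + 99
}

// Constructed responses: a malformed first answer, then a usable one.
const sampleResponses: HeaderMap[] = [
    { 'x-amz-cf-pop': '<script>' },
    { 'x-served-by': 'cache-hel1410021-HEL' }
]
```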
The following information is meant for advanced users who wish to re-generate the data files used by the package. If you are not interested in re-generating the data files, you can skip this section.
The data file src/airportCodeToRegion.ts contains a mapping between IATA airport codes and numeric region IDs. The region numbers are chosen according to a solution to the travelling salesman problem (TSP) of finding the shortest paths between the IATA airports and clustering the result by country. The file src/airportCodeToRegion.ts is generated using the data and code found in the data-generation folder.
The data generation is done in three steps:
You need to run the script prepareForTSPSolver.sh first, then run the TSP solver of your choice to generate a solution to the travelling salesman problem, and finally run the script generateDataFromTSPSolverResult.sh to generate the src/iataToRegion.ts file.
This package does not contain a TSP solver. It is up to the user who wishes to re-generate the data files to choose a TSP solver of their liking. You can find hints on how to solve the TSP at https://observablehq.com/@mourner/world-airports-shortest-roundtrip-tsp.
brew install jq
or sudo apt-get install jq
brew install pup
or sudo apt-get install pup
Running the script:
npm run prepare-for-tsp-solver
Description:
This script prepares the data for the TSP solver. It downloads the data of all the airports in the world from OurAirports, and extracts the IATA codes of the Amazon, Fastly and Cloudflare point-of-presence airports. The script then merges the IATA codes of the Amazon, Fastly and Cloudflare point-of-presence airports into a single file. The script enhances the data of the airports with coordinates, and continent and country codes. Finally, the script generates a file that contains just the index (starting with 1) and coordinates of the airports in the same order as in the airports file. This file is used as the input to the TSP solver of your choice.
Inputs:
Generated intermediate files:
Outputs:
Description:
This script takes the solution to the TSP from tsp-output/shortestpath.csv and combines it with the data of the airports in intermediate-files/airportsWithCoordinates.csv. The script then clusters the solution by country and assigns a numeric region number to each airport. The script finally generates a TypeScript file that contains the mapping between IATA airport codes and numeric region numbers. The script also generates a human-readable rendering of the mapping between IATA airport codes and numeric region numbers that can be used for checking the feasibility of the generated mapping.
Running the script:
npm run generate-data-from-tsp-solution
Inputs:
Outputs:
FAQs
We found that @streamr/cdn-location demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 12 open source maintainers collaborating on the project.