Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@sumor/llm-connector
Advanced tools
llm-connector
A Sumor Cloud Tool.
More Documentation
This is a llm connector for multiple cloud providers.
Supported LLM Providers
openAI
OpenAI is a research lab consisting of the for-profit OpenAI LP and the non-profit OpenAI Inc. The company aims to ensure that artificial general intelligence benefits all of humanity.
- gpt-3.5-turbo
- gpt-4o
qianWen
Alibaba Qianwen is a cloud-based AI service that provides a variety of AI capabilities, including natural language processing, computer vision, and machine learning.
- qwen-turbo
- qwen-plus
- qwen-max
- qwen-max-longcontext
Installation
npm i @sumor/llm-connector --save
Prerequisites
Node.JS version
Require Node.JS version 18.x or above
require Node.JS ES module
As this package is written in ES module,
please change the following code in your package.json file:
{
"type": "module"
}
Usage
Chat
import Model from '@sumor/llm-connector'
const model = new Model({
type: 'openAI', // or 'qianWen'
key: '123'
})
const response = await model.chat('gpt-3.5-turbo', [
{
role: 'system',
content: 'You are a helpful assistant.'
},
{
role: 'user',
content: 'Hello'
}
])
console.log(response)
// Output: { role: 'assistant', content: 'Hello, how can I help you today?' }
Custom API Endpoint URL
import Model from '@sumor/llm-connector'
const model = new Model({
type: 'openAI',
key: '123',
endpoint: 'https://api.openai.com',
chat: '/v1/chat'
})
FAQs
This is a llm connector for multiple cloud providers.
The npm package @sumor/llm-connector receives a total of 26 weekly downloads. As such, @sumor/llm-connector popularity was classified as not popular.
We found that @sumor/llm-connector demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025