
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@taxfyle/tfwidgets
Advanced tools
Collection of embedabble widgets to use wherever we may need. The output of these is a single file that can be added to a site via a script tag to power things like our tax calculators.
These are/will be used in our sites as we move to Webflow
Ideal usage of these is publishing the package to npm and just consuming the package via unpkg for free CDN goodness.
The package is built with preact as a lightweight component renderer, microbundle for bundling, and a light engine to find the right DOM nodes to render into as well as to parse props from.
src
directory contains the source for all the scripts and components.example
directory contains html files that can be used to test the usage of the widgets. Feel free to add more as needed.To start the bundler we run npm run start
which should watch for changes in our code and produce a collection of outputs inside the dist
directory that are ready to use. We really only use the .umd.js
file and the corresponding tfwidgets.css
file, but the other formats might become useful at some point.
Running npm run serve
starts a local server that serves every file in the directory. This can be used to develop locally by going to the corresponding html under the example
directory
FAQs
Collection of embedable widgets for use in Taxfyle websites
The npm package @taxfyle/tfwidgets receives a total of 0 weekly downloads. As such, @taxfyle/tfwidgets popularity was classified as not popular.
We found that @taxfyle/tfwidgets demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.