
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@trippnology/js8-cli
Advanced tools
Use JS8Call's JSON API via the command line.
This program is essentially just a cli wrapper for lib-js8call.
Make sure you have a recent version of NodeJS installed.
npm install -g @trippnology/js8-cli
Usage: js8-cli [options] [command]
Options:
-v, --vers output the current version
-i, --ip <IP address> IP address of JS8 host machine
-p, --port <port number> Port used by JS8 host machine
-h, --help display help for command
Commands:
inbox.get_messages View a list of your inbox messages
inbox.store_message <callsign> <text> Store a message in your inbox for later transmission
mode.get_speed The current TX speed. 0 = normal, 1 = fast, 2 = turbo, 4 = slow
rig.get_freq The current station frequency
rig.set_freq <offset> [frequency] Change the offset and/or frequency
rx.get_band_activity Gets the text in the band activity window
rx.get_call_activity Gets the text in the call activity window
rx.get_text Gets the text in the QSO window
tx.send_message <text> Transmit a message
tx.set_text <text> Set the text in the TX window
help [command] display help for command
More commands coming soon, as they are added to lib-js8call.
You can provide dynamic input to commands in a couple of different ways.
echo -n "hello, world!" | js8-cli tx.send_message
# -n option omits the newline at the end
cat some-file.txt | js8-cli tx.send_message
This method allows more control over the final output.
js8-cli tx.send_message "$(some-command)"
Posting a report to the WX group, using data from the local disk:
js8-cli tx.send_message "@WX Report from JO02mm: $(cat ~/weather-station/conditions.txt)"
# Outputs:
# @WX Report from JO02mm: 10.5c 93% 1012mb
The same method can be used for other types of telemetry (such as battery level), data from web APIs, or whatever else you come up with. Remember to put quotes around anything that may contain spaces.
git checkout -b my-new-feature developgit commit -am 'Add some feature'git push origin my-new-feature--ip option is now -h or --hostrx commands: rx.get_band_activity, rx.get_call_activity, and rx.get_text-i or --ip) and port number (-p or --port)TODO: Write credits
UNLICENSED
FAQs
Use JS8Call's JSON API via the cli
We found that @trippnology/js8-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.