Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@ui5/webcomponents-theme-base
Advanced tools
- Version
- 0.0.0-39bd3067f
- Version published
- Weekly downloads
- 543 -25.31%
- Maintainers
- 2
Weekly downloads
- Created
UI5 Web Components - Theme Base
Provides common theming assets, used by other UI5 Web Components packages, such as main and fiori.
This package is intended for UI5 Web Component development and currently provides no app development related public APIs.
Resources
- UI5 Web Components - README.md
- UI5 Web Components - Home Page
- UI5 Web Components - Playground and API Reference
Support
We welcome all comments, suggestions, questions, and bug reports. Please follow our Support Guidelines on how to report an issue, or chat with us in the #webcomponents channel of the OpenUI5 Community Slack.
Contribute
Please check our Contribution Guidelines.
License
Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, Version 2.0 except as noted otherwise in the LICENSE file.
FAQs
UI5 Web Components: webcomponents.theme-base
The npm package @ui5/webcomponents-theme-base receives a total of 477 weekly downloads. As such, @ui5/webcomponents-theme-base popularity was classified as not popular.
We found that @ui5/webcomponents-theme-base demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 29 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025