![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@vonage/extend-voice-transcription
Advanced tools
Readme
This is a small wrapper around various Voice Transcription services to make it easier to provide voice transcription from our Voice API. To use this, you'll need a Vonage account. Sign up for free at nexmo.com.
This bundle is currently in development/beta status, so there may be bugs
Open a command console, enter your project directory and execute the following command to download the latest stable version of this module:
$ npm install @vonage/extend-voice-transcription
This module relies on external services to provide the actual transcription services. We currently support:
Each service takes a configuration object that is passed to the underlying service. To enable a service, just pass in the appropriate configuration object.
const { SpeechToText } = require("@vonage/extend-voice-transcription");
const STTConnector = new SpeechToText({
audioRate: "audio/l16;rate=16000",
handler: (data) => {
console.log(`Vonage Transcription: ${data}`);
},
gCloudSpeech: {
keyFilename: './keys.json',
projectId: 'project-name'
},
});
const { SpeechToText } = require("@vonage/extend-voice-transcription");
const STTConnector = new SpeechToText({
audioRate: "audio/l16;rate=16000",
handler: (data) => {
console.log(`Vonage Transcription: ${data}`);
},
azureCognitiveSpeech: {
key: "azure-key",
region: "region",
},
});
This module is designed to work directly with incoming audio frames from the Vonage Voice API web sockets. Audio can be streamed through the web socket and directly passed to the transcription service. A handler is defined that will work with the returned data.
When configuring the SpeechToText
object, you will need to pass in the
audioRate
that is being used by the web socket, a handler
which will
accept a single string parameter (the transcribed text), and the configuration
data for the service you are using.
This sample application sets up a small Express web socket application. The socket
listens on the /echo
route, and will pass the audio directly to the Azure Cognitive
Speech API. Once the text has been transcribed and returned, it is passed to the handler
function we defined that will output the text to the application's console log.
const express = require("express");
const app = express();
const expressWs = require("express-ws")(app);
const port = 3000;
const { SpeechToText } = require("@vonage/extend-voice-transcription");
const STTConnector = new SpeechToText({
audioRate: "audio/l16;rate=16000",
handler: (data) => {
console.log(`Vonage Transcription: ${data}`);
},
azureCognitiveSpeech: {
key: "azure-key",
region: "region",
},
});
app.get("/", (req, res) => {
res.setHeader("Content-Type", "application/json");
res.send(
JSON.stringify(
STTConnector.createNCCO(`${req.protocol}://${req.hostname}/echo`)
)
);
});
app.get("/events", (req, res) => {
console.log(req);
});
app.ws("/echo", async (ws, req) => {
ws.on("message", async (msg) => {
if (typeof msg === "string") {
console.log(msg);
} else {
STTConnector.stream(msg);
}
});
ws.on("close", () => {
STTConnector.destroy();
});
});
app.listen(port, () => {
console.log(`Listening on port ${port}`);
});
This library is actively developed, and we love to hear from you! Please feel free to create an issue or open a pull request with your questions, comments, suggestions and feedback.
FAQs
Unknown package
The npm package @vonage/extend-voice-transcription receives a total of 1 weekly downloads. As such, @vonage/extend-voice-transcription popularity was classified as not popular.
We found that @vonage/extend-voice-transcription demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.