Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@vscode/dwarf-debugging
Advanced tools
@vscode/dwarf-debugging
This repository publishes an npm module which is used by js-debug to better debug WebAssembly code when DWARF debugging information is present. You can use this in two ways:
- For VS Code users, you will be prompted to install the appropriate extension that contains this module when you first step into a WebAssembly file.
- For users of the js-debug standalone DAP server, you can install the
@vscode/dwarf-debuggingalongside js-debug or somewhere in your NODE_PATH.
This project works by compiling the Chrome C/C++ Debugging Extension in a way that is usable by Node.js programs. Fortunately, the extension is architected such that most work is done inside a WebWorker, and making this instead run in a Node worker_thread is not terribly difficult. Appropriate TypeScript types are exposed, and this module is then shimmed into js-debug which 'pretends' to be Devtools.
Contributing
Building
- Clone this repo, and have Docker or Podman installed.
- Run
npm run build. This will take a while (~1hr depending on how fast your computer is.) Note that for developing you can run individual build steps in their appropriate scripts. - You then have a built module. Run
npm run testto run some basic tests.
General
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
FAQs
Enables DWARF debugging of webassembly in js-debug
The npm package @vscode/dwarf-debugging receives a total of 141 weekly downloads. As such, @vscode/dwarf-debugging popularity was classified as not popular.
We found that @vscode/dwarf-debugging demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Sep 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025