A library to forge IDs for elements in Refract data structures. Data structures can come from MSON or other input sources.
Abagnale attempts to give all elements within the structure a unique ID, even for elements it does not know. It accomplishes this by crawling the element contents and looking for structures that look like other elements.
Along with unique IDs it also attempts to give each element a unique URI fragment that is safe to use in a URL and based on the element's unique ID. This can be found in a link relation called `uri-fragment`.
See the test output directory for examples of generated IDs and URI fragments.
It is named after Frank Abagnale, one of the most notorious tricksters ever known. He forged several fake IDs, a pilots license with which he flew over a million miles, faked being a college professor, worked as a fake chief resident pediatrician, and worked in the Louisiana State Attorney General's office with a fake degree from Harvard before being caught.
This project is available via npm:

```sh
npm install abagnale
```
There are two ways to use the module: either via module-level methods or by instantiating a class instance.
```js
import abagnale, {Abagnale} from 'abagnale';

// Input should be an array of refract elements
const input = [/* ... */];

// Module method
abagnale.forge(input, {separator: '.'});

// Class method
let instance = new Abagnale({separator: '.'});
instance.forge(input);
```
The following options can be set:
Name | Description | Default |
---|---|---|
separator | Character to denote path segments | . |
uriSeparator | Character to denote path segments in URI fragments | / |
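
A simplified sketch of the crawl and of how the two separators are applied, added here as an illustration; it is not abagnale's own code. `forgeSketch`, `looksLikeElement`, the numeric-suffix de-duplication and the `meta.links` layout are assumptions, and the sample input is constructed.

```javascript
// Simplified sketch of the idea, NOT abagnale's source code.
// forgeSketch and looksLikeElement are hypothetical names.
function looksLikeElement(x) {
  return x !== null && typeof x === 'object' && typeof x.element === 'string';
}

function forgeSketch(elements, {separator = '.', uriSeparator = '/'} = {}, cache = new Set()) {
  const visit = (el, path) => {
    const c = el.content;
    const isMember = el.element === 'member' && c && looksLikeElement(c.key);
    el.meta = el.meta || {};
    // Segment name: an existing id, else a member's key, else the element type.
    const name = String(el.meta.id || (isMember ? c.key.content : el.element));
    // Append a numeric suffix until the full ID is unused (assumed strategy).
    let unique = name;
    for (let n = 2; cache.has([...path, unique].join(separator)); n++) unique = name + n;
    const segments = [...path, unique];
    el.meta.id = segments.join(separator);
    cache.add(el.meta.id);
    // Percent-encode each segment so a key such as "a/b" cannot add a path level.
    const href = segments.map(encodeURIComponent).join(uriSeparator);
    el.meta.links = (el.meta.links || []).concat(
      {element: 'link', attributes: {relation: 'uri-fragment', href}});
    // Crawl content only; meta and attributes are not visited.
    const children = Array.isArray(c) ? c : isMember ? [c.value] : [c];
    children.filter(looksLikeElement).forEach((child) => visit(child, segments));
  };
  elements.filter(looksLikeElement).forEach((el) => visit(el, []));
  return elements;
}

// Constructed sample: a duplicate key and a key containing the URI separator.
const member = (key, value) => ({
  element: 'member',
  content: {key: {element: 'string', content: key}, value},
});
const sample = [{
  element: 'object',
  meta: {id: 'User'},
  content: [
    member('name', {element: 'string', content: 'Frank'}),
    member('a/b', {element: 'number', content: 1}),
    member('name', {element: 'string', content: 'duplicate key'}),
  ],
}];
const forged = forgeSketch(sample);
```

The structures are modified in place, so run the sketch on a fresh copy of the input when comparing option values.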
The following list of features in no particular order are known to be missing or cause issues. Please feel free to open a pull request with new features and fixes based on this list! wink wink nudge nudge :beers:

- `meta` are not yet given IDs
- `attributes` are not yet given IDs

`abagnale.Abagnale([options])`

Create a new instance of the `Abagnale` class, which can be used to forge IDs for refract elements.
```js
import {Abagnale} from 'abagnale';

const instance = new Abagnale({separator: '.'});

// Now you can use it!
instance.forge([/* input array of elements */]);

// It is also possible to clear the element id cache, essentially resetting
// the instance. After doing this, the instance may again generate IDs that
// it has already generated, which can be useful when processing a new
// unrelated document.
instance.cache = {};
```
`abagnale.forge(structures, options)`

This is a module-level shortcut that instantiates an `Abagnale` class with `options` and then calls `forge(structures)` on it. The structures are modified in-place and returned.
```js
import abagnale from 'abagnale';

abagnale.forge([/* input array of elements */], {separator: '.'});
```

Copyright © 2016 Apiary, Inc. MIT licensed.
FAQs
Forge unique IDs for Refract data structure elements
The npm package abagnale receives a total of 5 weekly downloads. As such, abagnale's popularity was classified as not popular.
We found that abagnale demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.