appium-gulp-plugins
Custom plugins used across appium modules
Traceur compilation, sourcemaps and file renaming functionality in one plugin. .es7.js and .es6.js files will be automatically renamed to .js files. The necessary sourcemaps and traceur comments and imports are also automatically added.
1/ Configure gulp as below:
var gulp = require('gulp'),
    Transpiler = require('appium-gulp-plugins').Transpiler;

gulp.task('transpile', function () {
  var transpiler = new Transpiler();
  // traceur options are configurable in transpiler.traceurOpts
  return gulp.src('test/fixtures/es7/**/*.js')
    .pipe(transpiler.stream())
    .pipe(gulp.dest('build'));
});
2/ In your code you need to mark the main and mocha files as below:
// transpile:main at the beginning of the file (example here).
// transpile:mocha at the beginning of the file (example here).
Regular lib files do not need any extra comments.
Set the following env variable to skip the traceur runtime declaration.
process.env.SKIP_TRACEUR_RUNTIME = true;
There are some issues with Gulp 3.x error handling which cause the default gulp-watch to hang. This plugin is a small hack which solves that by respawning the whole process on error. This should not be needed in gulp 4.0.
var gulp = require('gulp'),
    spawnWatcher = require('./index').spawnWatcher.use(gulp);

spawnWatcher.configure('watch', ['lib/**/*.js','test/**/*.js','!test/fixtures'], function() {
  // this is the watch action
  return runSequence('test');
});
The test function in spawnWatcher.configure should return a promise.
The spawn needs to catch errors as soon as they happen. To do so use the spawnWatcher.handleError method, for instance:
// add error handling where needed
gulp.task('transpile', function () {
  return gulp.src('test/es7/**/*.js')
    .pipe(transpile())
    .on('error', spawnWatcher.handleError)
    .pipe(gulp.dest('build'));
});

gulp.task('test', ['transpile'], function () {
  process.env.SKIP_TRACEUR_RUNTIME = true;
  return gulp.src('build/test/a-specs.js')
    .pipe(mocha())
    .on('error', spawnWatcher.handleError);
});
Terminal is cleared by default. To avoid that call:
spawnWatcher.clear(false);
Native notification is enabled by default. To disable it use the --no-notif option.
We found that appium-gulp-plugins demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.