All Your Files Kept Minimal.
Run ayfkm after npm install to trim out cruft.
Put this in your package.json devDependencies:
"ayfkm": "*"
then run this:
npm install && ./node_modules/.bin/ayfkm
Not yet functional. Come back later please!
TODO:
- warning: this deletes files with the default call. That seems bad.
- basic functionality. How about this:
  $ cat .ayfkm
  dashdash/examples jsprim/deps .bin/m* **/tst
- how to get options in there if needed? A pragma:
  # this is a comment, next is a pragma (syntax a la Go)
  # +pragma: aggressive
- add more defaults from my imgadm Makefile?
- .ayfkm.json support (or perhaps a flat file? see above)
- docs
- remove dirs made empty
- ayfkm ./dir/path/to/node_modules
- ayfkm foo: clean out "./node_modules/foo"
- dashdash cruft removal
- pragma aggressive: README.md, drop npm server-added fields from package.json; license files okay?
- crowdsource .ayfkm directives for npm modules? website, mirrors npm modules, tied to module major version?, ayfkm --import foo
We found that ayfkm shows an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.