
Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
babel-plugin-transform-proxy-compat
Advanced tools
This babel plugin enables Proxy usage in IE 11. In order to make this work, we have to rewrite property lookups, assignments, property deletions, function invocations, in statements and for in loops to use functions in order to execute the correct proxy handlers.
resolveProxyCompat
Object
, default to { module: 'proxy-compat' }
Accepts either:
module
property with a string
value when the proxy APIs should be retrieved from an external module.// Config
{
module: 'my-proxy-compat';
}
// Result
import ProxyCompat from 'my-proxy-compat';
const callKey = ProxyCompat.callKey;
callKey(console, 'log', 'I am Compat');
global
property with a string
value when the proxy APIs should be retrieved from a global variable.// Config
{
global: 'MyProxyCompat';
}
// Result
const callKey = MyProxyCompat.callKey;
callKey(console, 'log', 'I am Compat');
independent
property with a string
value when the proxy APIs should be retrieved from independent modules.// Config
{
independent: 'my-proxy-compat';
}
// Result
import callKey from 'my-proxy-compat/callKey';
callKey(console, 'log', 'I am Compat');
It's possible to disable the proxy compat transform for a specific file using the /* proxy-compat-disable */
comment at the top of the file. This is an escape hatch for code that is performance sensitive and doesn't manipulate any Proxy. Make sure to use it extremely wisely.
/* proxy-compat-disable */
function palindrome(str) {
return (
str ===
str
.split('')
.reverse()
.join('')
);
}
FAQs
Babel plugin to transform code to COMPAT mode
The npm package babel-plugin-transform-proxy-compat receives a total of 4,154 weekly downloads. As such, babel-plugin-transform-proxy-compat popularity was classified as popular.
We found that babel-plugin-transform-proxy-compat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
Product
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
Product
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.