Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Small and modular JavaScript runtime for desktop and mobile. Like Node.js, it provides an asynchronous, event-driven architecture for writing applications in the lingua franca of modern software. Unlike Node.js, it makes embedding and cross-device support core use cases, aiming to run just as well on your phone as on your laptop. The result is a runtime ideal for networked, peer-to-peer applications that can run on a wide selection of hardware.
npm i -g bare
bare [flags] <filename> [...args]
Evaluate a script or start a REPL session if no script is provided.
Arguments:
<filename> The name of a script to evaluate
[...args] Additional arguments made available to the script
Flags:
--version|-v Print the Bare version
--eval|-e <script> Evaluate an inline script
--print|-p <script> Evaluate an inline script and print the result
--inspect Activate the inspector
--help|-h Show help
The specified <script>
or <filename>
is run using Module.load()
. For more information on the module system and the supported formats, see https://github.com/holepunchto/bare-module.
When imported, the module exports the global Bare
namespace. See https://github.com/holepunchto/bare#api for the API documentation.
const Bare = require('bare')
The bare
package name on npm was kindly donated by the folks at Accosine.
Apache-2.0
FAQs
Small and modular JavaScript runtime for desktop and mobile
The npm package bare receives a total of 47 weekly downloads. As such, bare popularity was classified as not popular.
We found that bare demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.