
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
base-common
Advanced tools
方法说明
let model = {
from:el,
to:this.form.userSourceList[index]={},
config:{
address:'sourceAddress',
sourceCustomerName:'sourceName'
}
}
this._copyField(model)
从from这个对象上边吧 config 后边的字段赋值给 to 这个对象上对应的 config 前边的字段
this.form = this._jsonCopy(this.tableRow)
深拷贝,顾名思义,值是undefined的话 字段会消失
let queryName = this._readUrlQuery('queryName')
会从url 获取到 字段queryName的值
let text = this._readFile(model)
input里边把文件传进去 , 可以得到文件里边的内容
let str = '1234567890'
_strEncryp(str,3,6)
// 123***7890
第一个是字符串,第二个起始下标,第三个结束下标
只做了vue得
import {_popState } from 'zjsmethods'
引入之后在 想要监听得vue文件里边进行混入
mixins:[ _popState ] ;
然后浏览器回滚得时候会触发 popstateChange 方法 , 没有的话会默认行为
当有业务需要上传oss 对象存储的时候,为了避免同一个文件(视频,音频,图片,压缩包等),有可能其他人复制或者改名字等等,造成文件重复上传,大量占用空间,写了一个校验文件二进制的方法
//首先引入这个类
import { _vaileFile } from 'zjsmethods'
// 然后在你需要判断oss 是否有该文件的时候
new _vaileFile('file对象').vaildArrayBuffer().then(res=>{
console.log(res)
// 继续上传 或者 向后端请求已经存在的文件url
})
// new 这个类之后 有一个vaildArrayBuffer 方法 他返回一个promise ,里边返回值是一个md5的字符串,这个是这个文件的唯一标识
在开发移动端得时候有时候需要根据用户手机型号来适配一些特殊得样式,
于是写了下边这个方法
//首先引入这个类
import { _getPhone_v } from 'zjsmethods'
let result = _getPhone_v()
console.log(result)
//{
// os,
// version,
// model,
// message: `系统:${os},版本:${version},手机型号:${model}`
//}
FAQs
The npm package base-common receives a total of 3 weekly downloads. As such, base-common popularity was classified as not popular.
We found that base-common demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.