Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A humble little utility for people who use CommonJS "require". It does a few things:
npm install -g bna
To get help
bna
Go to your node projects' root directory (where package.json is), run
bna .
This will spit out the npm package dependencies.
Figure out the true npm package dependencies by analyzing javascript source code. During a development lifecycle, modules required change constantly and after a while you can't really trust package.json. bna will scan your js code to figure out what modules that you code truely "require".
Fuse generates a single js file application for application distribution. Send user two files: ./node + myapp.js, instead of ./node + myapp.js +
Example:
# generate a single runnable js
bna -f bin/myprogram.js
Generated myprogram.fused.js
# then obfuscate/minify it
uglifyjs myprogram.fused.js -c -m > myprogram.fused.min.js
While in development, it's convenient to add file watchers for hot reloading:
bna -f app.js -w
When app.js or any of the dependencies change, fuse will re-run. The dependencies here refer to all of the javascript files that app.js require directly or indirectly.
Same idea as browserify or webpack.
If you find this useful, make sure you head to https://marijnhaverbeke.nl/fund/ to make a donation. Facebook should have bankrolled him, as react-native switched to acorn. But until then, let us the 99% support each other.
The MIT License (MIT) Copyright (c) 2016 mhzedd@gmail.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Build commoNjs App
The npm package bna receives a total of 7 weekly downloads. As such, bna popularity was classified as not popular.
We found that bna demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.