Based on is-canonical-base64 but modified to generate regular expressions for url-safe base64, as described in the ssb-uri spec:
URI-safe Base64 is equivalent to Base64 where + characters are replaced with -, and / characters are replaced with _.
const Butt64 = require('butt64')
const regex = new Butt64('ssb:feed/classic/', null, 32)
regex.test('ssb:feed/classic/-oaWWDs8g73EZFUMfW37R_ULtFEjwKN_DczvdYihjbU=')
// => true
new Butt64(prefix, suffix, length) => RegExp
All arguments are optional
prefix
String or Pattern to require at the beginning of the string
suffix
String or Pattern to require at the end of the string
length
Integer, the length in bytes of the data you expect to be encoded
Butt64.bufferToButt64(buffer) => string
Converts a buffer into a base64 encoded string.
Butt64.butt64ToBuffer(string) => buffer
Converts a butt64 encoded string into a buffer.
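The length-aware pattern and the round-trip property described here, written out as an added example that is not butt64's own code. The function names `canonicalRegex` and `roundTrips` are hypothetical, and the trailing-symbol sets are derived from the base64 alphabet rather than taken from the package source.

```javascript
// Added example; names are hypothetical and this is not butt64's source.
const CHAR = '[A-Za-z0-9_-]'            // URL-safe alphabet: '-' and '_' replace '+' and '/'
const LOW2_ZERO = '[AEIMQUYcgkosw048]'  // symbols whose 6-bit value has the low 2 bits clear
const LOW4_ZERO = '[AQgw]'              // symbols whose 6-bit value has the low 4 bits clear

// Escape a literal prefix so it cannot inject regex syntax.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')

// Anchored pattern accepting only the canonical, padded encoding of exactly
// `length` bytes after a literal prefix. The final symbol is restricted so the
// unused trailing bits must be zero, leaving one valid string per byte value.
function canonicalRegex (prefix, length) {
  const full = Math.floor(length / 3)
  const tail = [
    '',                             // length % 3 === 0: no partial group
    CHAR + LOW4_ZERO + '==',        // 1 trailing byte: 4 unused bits
    CHAR + CHAR + LOW2_ZERO + '='   // 2 trailing bytes: 2 unused bits
  ][length % 3]
  return new RegExp('^' + escapeRe(prefix) + '(?:' + CHAR + '{4}){' + full + '}' + tail + '$')
}

// Independent check: decode leniently, re-encode, and require an identical string.
function roundTrips (data) {
  const std = data.replace(/-/g, '+').replace(/_/g, '/')
  const again = Buffer.from(std, 'base64').toString('base64')
  return again.replace(/\+/g, '-').replace(/\//g, '_') === data
}

// Sample ID from the page, plus a constructed variant whose last symbol sets
// an unused bit: it decodes to the same 32 bytes but is not canonical.
const PREFIX = 'ssb:feed/classic/'
const GOOD = PREFIX + '-oaWWDs8g73EZFUMfW37R_ULtFEjwKN_DczvdYihjbU='
const ALIAS = GOOD.slice(0, -2) + 'V='

function demo () {
  const re = canonicalRegex(PREFIX, 32)
  return [GOOD, ALIAS].map((id) => ({
    id,
    regex: re.test(id),
    roundTrip: roundTrips(id.slice(PREFIX.length))
  }))
}

console.log(demo())
```

Rejecting the alias matters wherever the encoded string itself is used as a lookup key or compared for equality, since a lenient decoder maps both spellings to the same bytes.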
MIT
FAQs
Test whether a butt64 string will serialize the same after parsing.
We found that butt64 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.