case-sensitive-paths-webpack-plugin
This Webpack plugin enforces that the entire path of every required module matches the exact case of the actual path on disk. This helps avoid cases where developers working on OSX, which does not enforce strict path case sensitivity, introduce conflicts with other developers or build boxes running operating systems that require correctly cased paths.
Previous iterations on this same idea provide the basis for this plugin, but unfortunately they do not properly check case on the entire path. This plugin fixes that. Example output:
ERROR in ./src/containers/SearchProducts.js Module not found: Error: [CaseSensitivePathsPlugin]
/Users/example/yourproject/src/components/searchProducts/searchproducts.js
does not match the corresponding path on disk /Users/example/yourproject/src/components/searchproducts
@ ./src/containers/SearchProducts.js 9:22-84
npm install --save-dev case-sensitive-paths-webpack-plugin
var CaseSensitivePathsPlugin = require('case-sensitive-paths-webpack-plugin');

var webpackConfig = {
    plugins: [
        new CaseSensitivePathsPlugin()
        // other plugins ...
    ]
    // other webpack config ...
};
Want more information? Pass {debug: true} to the plugin like so:
    new CaseSensitivePathsPlugin({debug: true})
It will output every directory it reads, as well as a sum total of filesystem operations. This is mostly useful for internal debugging of the plugin, but if you find it useful, more power to you.
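The whole-path check and the filesystem-operation count described above can be sketched as follows. This is an added example, not the plugin's source; `createCaseChecker`, `check`, `stats` and the temporary directory tree are hypothetical names and constructed sample data.

```javascript
// Added example, not the plugin's source: all names here are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Caches directory listings so modules sharing a parent directory cost one
// readdir in total; stats.fsOps counts the reads that actually hit the disk.
function createCaseChecker(root) {
  const listings = new Map();
  const stats = { fsOps: 0 };
  function list(dir) {
    if (!listings.has(dir)) {
      stats.fsOps += 1;
      let names = [];
      try { names = fs.readdirSync(dir); } catch (err) { /* missing or not a directory */ }
      listings.set(dir, names);
    }
    return listings.get(dir);
  }
  // Compares every segment of relPath, not only the file name.
  function check(relPath) {
    let dir = root;
    for (const segment of relPath.split(/[\\/]+/).filter(Boolean)) {
      const names = list(dir);
      if (!names.includes(segment)) {
        const wanted = segment.toLowerCase();
        const actual = names.find((n) => n.toLowerCase() === wanted) || null;
        return { ok: false, dir, requested: segment, actual };
      }
      dir = path.join(dir, segment);
    }
    return { ok: true };
  }
  return { check, stats };
}

// Constructed sample tree mirroring the paths in the example output above.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'case-check-'));
  const onDisk = path.join(root, 'src', 'components', 'searchproducts');
  fs.mkdirSync(onDisk, { recursive: true });
  fs.writeFileSync(path.join(onDisk, 'searchproducts.js'), '');
  const checker = createCaseChecker(root);
  const good = checker.check('src/components/searchproducts/searchproducts.js');
  const bad = checker.check('src/components/searchProducts/searchproducts.js');
  fs.rmSync(root, { recursive: true, force: true });
  return { good, bad, fsOps: checker.stats.fsOps };
}
console.log(demo());
```

Because the listing comes from the directory itself, the mismatch in the middle segment is reported even on a filesystem that would open the wrongly cased path without complaint.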
Check the /demo directory for a working example of the plugin in action, with tests demonstrating the effect of the plugin. See /demo/README.md for more.
FAQs
Enforces module path case sensitivity in Webpack
We found that case-sensitive-paths-webpack-plugin demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.