Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
choo-notification
Advanced tools
Web Notification plugin for Choo.
Note: be careful when using notifications. Overuse, or even asking for permissions unexpectedly can provide people with a bad experience. Make sure people know why you're asking for permission to send notifications. Use this API responsibly.
var html = require('choo/html')
var choo = require('choo')
var app = choo()
app.use(require('choo-devtools')())
app.use(require('./')())
app.route('/', (state, emit) => {
return html`
<body>
<button onclick=${enable} disabled=${state.notification.permission}>
${state.notification.permission
? 'Notifications are enabled'
: 'Enable notifications'}
</button>
<button onclick=${notify}>
Clicky
</button>
</body>
`
function enable () {
emit('notification:request')
}
function notify () {
if (state.notification.permission) {
emit('notification:new', 'clicky!')
}
}
})
app.mount('body')
'notification:request'
| state.events.NOTIFICATION_REQUEST
Request to use the notifications API. Emits either 'notification:granted'
or
'notification:denied'
after calling it. Also emits a 'render'
event after
the permission state changes.
'notification:granted'
| state.events.NOTIFICATION_GRANTED
Emitted after calling 'notification:request'
.
'notification:denied'
| state.events.NOTIFICATION_DENIED
Emitted after calling 'notification:request'
.
'notification:new'
| state.events.NOTIFICATION_NEW
Emit a new notification. Make sure you have access to send notifications before.
notificationPlugin = chooNotification()
Create a new choo-notification
instance.
$ npm install choo-notification
FAQs
Web Notification plugin for Choo
The npm package choo-notification receives a total of 2 weekly downloads. As such, choo-notification popularity was classified as not popular.
We found that choo-notification demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.