closest-root
Readme
This npm module locates the closest npm root directory from a specified path.
It is assumed that there is a 'package.json' file located at the root of the application (or module). This means there must be no other files called 'package.json' in the traversal path, because a directory containing one would be treated as the root directory.
According to an issue for npm on GitHub, however, the name of the 'package.json' file will most certainly not change anytime soon. Any other files that need to be called 'package.json' must therefore be moved to another directory, where they do not interfere with this module.
$ npm install closest-root
let rootDirectory = require('closest-root')(__dirname)
/* This will output the closest root directory from the current file, as
* '__dirname' returns the name of the current directory we are inside.
*/
console.log(rootDirectory)
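The lookup the README describes, with the stray 'package.json' caveat made concrete. This is an added example, not the closest-root module's own code; `findClosestRoot`, `demo` and the temporary directory layout are assumptions constructed for illustration.

```javascript
// Added illustration of an upward 'package.json' lookup (hypothetical
// re-implementation, not the closest-root source).
const fs = require('fs');
const os = require('os');
const path = require('path');

// True only when 'p' exists and is a regular file.
function isFile(p) {
  try {
    return fs.statSync(p).isFile();
  } catch (err) {
    return false; // missing or unreadable entries do not mark a root
  }
}

// Walk upward from startDir; return the first directory that holds a
// 'package.json' file, or null once the filesystem root has been passed.
function findClosestRoot(startDir) {
  let dir = path.resolve(startDir);
  for (;;) {
    if (isFile(path.join(dir, 'package.json'))) return dir;
    const parent = path.dirname(dir);
    if (parent === dir) return null; // dirname of the root is the root itself
    dir = parent;
  }
}

// Constructed sample tree: <tmp>/app/package.json and <tmp>/app/src/fixtures/.
function demo() {
  const base = fs.realpathSync(
    fs.mkdtempSync(path.join(os.tmpdir(), 'closest-root-demo-')));
  const app = path.join(base, 'app');
  const src = path.join(app, 'src');
  const fixtures = path.join(src, 'fixtures');
  fs.mkdirSync(fixtures, { recursive: true });
  fs.writeFileSync(path.join(app, 'package.json'), '{"name":"app"}');

  const before = findClosestRoot(fixtures); // resolves to <tmp>/app

  // A stray 'package.json' in the traversal path shadows the real root.
  fs.writeFileSync(path.join(src, 'package.json'), '{"name":"stray"}');
  const after = findClosestRoot(fixtures); // now resolves to <tmp>/app/src

  fs.rmSync(base, { recursive: true, force: true });
  return { app, src, before, after };
}

console.log(demo());
```

Any path later built from the resolved root (configuration, scripts, lockfiles) follows the shadowed directory, so a vendored or test-fixture 'package.json' above the calling file changes what gets loaded.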
This module, and the code therein, is licensed under ISC.
We found that closest-root demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.