Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
collections
Advanced tools
This package contains JavaScript implementations of common data structures with idiomatic iterfaces, including extensions for Array and Object.
You can use these Node Packaged Modules with Node.js, Browserify,
Mr, or any compatible CommonJS module loader. Using a module loader
or bundler when using Collections in web browsers has the advantage of
only incorporating the modules you need. However, you can just embed
<script src="collections/collections.min.js">
and all of the
collections will be introduced as globals. :warning:
require("collections")
is not supported.
npm install collections --save
Documentation can be found at http://collectionsjs.com which in turn can be updated at https://github.com/montagejs/collectionsjs.com.
Tests are in the test
directory. Use npm test
to run the tests in
NodeJS or open test/run.html
in a browser.
To run the tests in your browser, simply use npm run test:jasmine
.
To run the tests using Karma use npm run test:karma
and for continious tests run with file changes detection npm run test:karma-dev
. Finally to open a remote debug console on karma use npm run test:karma-debug
.
Array.prototype
with additional non-enumerable properties like .set
)FAQs
data structures with idiomatic JavaScript collection interfaces
The npm package collections receives a total of 17,703 weekly downloads. As such, collections popularity was classified as popular.
We found that collections demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.