Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Crixalis
Lightweight web framework for node.js
Features
- Small, documented and easily extendable core
- Advanced routing system (content type, method, host) with RegExp support and placeholders
- Compression support (gzip, deflate)
- Static file serving support (with ETag, Last-Modified, Expires and LRU-cache)
Synopsis
General usage
var Crixalis = require('crixalis');
Crixalis
/* Load plugins */
.plugin('shortcuts')
.plugin('access', { format: '%7T %-4m %s %9B %-15h %U%q' })
/* Add route with placeholder */
.get('/hello/:name', function () {
/* Prepare data for response */
this.stash.json = {
message: 'Hello, ' + this.params.name + '!'
};
/* Render response */
this.render();
})
/* Add another route for GET and HEAD methods */
.route('/info', { methods: ['GET', 'HEAD'] }, function () {
var that = this;
require('fs').readFile('./readme.md', function (error, result) {
if (error) {
/* Handle error */
that.error(error);
} else {
that.body = result;
that.render();
}
});
})
/* Catch everything else */
.route('*', function () {
this.redirect('/hello/World');
})
/* Start server on port 8080 */
.start('http', 8080);
Plugins
Available core plugins
accessAccess log (with configurable CLF support)compressionCompress response usinggzipordeflatecompression (also works withstaticplugin)requestThin wrapper aroundhttp.requestandhttps.requestshortcutsRoute declaration helpers,.get(),.post(), etc.staticServe static files
Static server
Crixalis comes with script for serving static files
# Start web server on port `8080` and serve files from current folder
crixalis
# Start web server on port `3000` and serve files from `~/www/`
crixalis --port 3000 --path ~/www/
Copyright and License
Copyright 2012-2016 Alexander Nazarov. All rights reserved.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
FAQs
Lightweight web framework
We found that crixalis demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Oct 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025