Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
CubegenJS
Protecting and Optimizing your JavaScript Source Code.
When do you need this module?
- Hide keys or secret algorithms in a project.
- Want to detect if the project source code is changed.
- Protecting application from illegal distribution.
- Optimizing nodejs project source code.
Table of contents
Installation
This is a Node.js module available through the npm registry.
This module can be used on node or web projects develop with Node.js version 18.0 or higher.
Installation is done using the npm install command:
npm install --save-dev cubegenjs
or
yarn add --dev cubegenjs
Configuration and Usage
You need create two configuration files cg.builder.js and cb.protector.js.
Generate these files with the command:
npx cubegen init
After that, you have to select the target environment NodeJS or Web Browser based on your project type.
To use protector, you mush import cg.protector.js file in your project.
For example Express.js project in /src/index.js:
import express from 'express'
import '../cg.protector.js'
const app = express()
app.listen(3000, () => {
...
})
or React.js project in /src/App.jsx:
import { useState } from 'react'
import '../cg.protector.js'
function App() {
...
}
After everything is done, build your project with the command:
npx cubegen build
Options
The module use cg.builder.js and cb.protector.js files to define how the module works. Each properties and methods can be set according to your project needs.
Cubegen CLI
Cubegen provides a terminal interface to manage your project.
CLI options of npx cubegen:
-v, --version
-h, --help
commands:
init [options] initialize cubegen configuration
build [options] building your project to distribution code
options:
-r, --root <string> relative root project directory (default: "./")
Cubegen Builder
The cg.builder.js file contains the rules for how your project will be transformed with bundlers and obfuscators.
appKey
Type: string Default: <generate by system>
Application key for generate private keys inner your code. You can use a custom random characters.
target
Type: string Default: <generate by system>
Target where your application will be run in production. Available options: node and browser
buildCommand
Type: string Default: npm run build
⚠️ Only available in web project.
Command to build your web project. The build command example: npm run build or yarn build.
codeBundlingOptions
Type: object Default: {}
⚠️ Only available in node project.
Bundler option to optimize your code with parcel.
Example:
codeBundlingOptions: {
rootDir: './',
outDir: './dist',
entries: [
'src/main.js',
'src/worker.js'
],
staticDirs: [
'public',
'storages'
],
buildMode: 'production'
}
codeObfuscationOptions
Type: object Default: {}
Obfuscation option to obfuscate your protector code with javascript-obfuscator.
Example:
codeObfuscationOptions: {
target: 'node',
seed: '0fddc96ac6cad3b0',
controlFlowFlattening: true,
controlFlowFlatteningThreshold: 1,
...
compact: true,
simplify: true
}
See more option in https://github.com/javascript-obfuscator/javascript-obfuscator?tab=readme-ov-file#options
Cubegen Protector
The cg.protector.js file is the protection algorithm for your project. Your code in cg.protector.js will be fully obfuscated after the build process is complete.
onStart()
This method will be called after protector is started.
Example:
onStart(() => {
console.log('Cubegen protector is starting.')
})
onDocumentLoaded()
⚠️ Only available in web project.
This method will be called after after DOM loaded.
Example:
onDocumentLoaded(() => {
console.log('Web document is loaded.')
})
onDomainNotAllowed()
⚠️ Only available in web project.
This method will be called if site host is not in the whitelist.
Example only allow hosted web app in localhost:*:
const domainLockingOptions = {
enabled: true,
whitelist: [
'localhost',
'localhost:\\d+',
'127.0.0.1:\\d+'
]
}
onDomainNotAllowed(domainLockingOptions, () => {
window.location.host = 'https://your_site.com'
})
onModifiedCode()
⚠️ Only available in node project.
This method will be called if distributed code changed or not match with signiture.
Example:
const modifiedCodeOptions = {
enabled: true
}
onModifiedCode(modifiedCodeOptions, () => {
console.log('Source code is changed.')
process.exit()
})
onIntervalCall()
This method will be called continuously.
Example:
const intervalCallOptions = {
enabled: false,
eventLoopInterval: 5000
}
onIntervalCall(intervalCallOptions, () => {
// call monitoring service or do something
})
Support
The main forum for free and community support is the project Issues on GitHub.
FAQs
Protecting and Optimizing your JavaScript Source Code
The npm package cubegenjs receives a total of 1 weekly downloads. As such, cubegenjs popularity was classified as not popular.
We found that cubegenjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 05 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025