![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
dji_srt_parser
Advanced tools
Readme
Parses and interprets some data from DJI's Drones SRT metadata files. Mostly tested with Mavic Pro SRT files. You can send me yours if you want it implemented. Please let me know if you create something with this :).
Using npm:
$ npm install dji_srt_parser
//Load module
let DJISRTParser = require('dji_srt_parser');
//Specify data source name
let fileName = "filePath";
//And load the data in a string (with your preferred method)
let dataString = readTextFile(fileName);
//You can create multiple instances, one for reading each SRT file. Specify data as a string and filename for future reference
let DJIData = DJISRTParser(dataString,fileName);
//toGeoJSON() exports the current interpretation of data to a CSV spreadsheet format. The optional value raw exports the raw data instead. You can then use tokml or togpx modules to convert to those formats
let geoJSON = DJIData.toGeoJSON();
//rawMetadata() returns an array of objects with labels and the unmodified SRT data in the form of strings
console.log(DJIData.rawMetadata());
//metadata() returns an object with 2 elements
//(1) a packets array similar to rawMetadata() but with smoothing applied to GPS locations (see below why smoothing is used), distances and with computed speeds in 2d, 3d and vertical
//(2) a stats object containing stats like minimum, average and maximum speeds based on the interpreted data
console.log(DJIData.metadata());
//getSmoothing() returns the current smoothing value (how many data packets to average with, in each array direction)
console.log(DJIData.getSmoothing());
//setSmoothing() modifies the current smoothing value, 0 for no smoothing
console.log(DJIData.setSmoothing(0));
//getFileName() returns the filename, useful if you loaded multiple files in multiple instances
console.log(DJIData.getFileName());
//toCSV() exports the current interpretation of data to the GeoJSON format. The optional value raw exports the raw data instead
let csvData = DJIData.toCSV();
//Now you can also load a GeoJSON (or JSON) file directly into the rawMetadata field. This can be useful if you want to import data from other sources into the syste,
let DJIData = DJISRTParser(JSONDataString,JSONfileName,true);
//These data must follow the same structure as rawMetadata() usually has:
// {
// "TIMECODE":"00:00:01,000",
// "HOME":[
// "149.0251",
// "-20.2532"
// ],
// "DATE":"2017.08.05 14:11:51",
// "GPS":[
// "149.0251",
// "-20.2533",
// "16"
// ],
// "BAROMETER":"1.9",
// "ISO":"100",
// "Shutter":"60",
// "Fnum":"2.2"
// }
Smoothing is applied when interpreting the data because the GPS values provided by DJI are not accurate enough. They don't have enough digits. We average them with the surrounding values to create more pleasant paths and to be able to compute somewhat meaningful speeds. The interpreted values are not necessarily more accurate.
(As far as we know)
FAQs
Unknown package
The npm package dji_srt_parser receives a total of 76 weekly downloads. As such, dji_srt_parser popularity was classified as not popular.
We found that dji_srt_parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.