Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
doofinder
Advanced tools
A.K.A. js-doofinder
, or just doofinder
, this library makes easy to perform requests to Doofinder's search service and customize the way you present results.
The library can be installed via package managers or directly pointing to a file in jsDelivr's CDN.
The package offers simple CSS you can obtain from the dist
directory. It will help you to build a scaffolding of your project with little effort.
$ npm install doofinder
$ bower install doofinder
You can include the library directly in your website:
<!-- Javascript -->
<script src="//cdn.jsdelivr.net/npm/doofinder@latest/dist/doofinder.min.js"></script>
<!-- CSS -->
<link rel="stylesheet" href="//cdn.jsdelivr.net/npm/doofinder@latest/dist/doofinder.css">
If you only want to know how this is structured, without the details, here we go.
The library provides:
Client
class to perform requests to the Doofinder service.Controller
class which provides an easy-to-use wrapper for the client and holds Widget
instances that will process the response from the service.The project includes a demo you can use as inspiration. To take a look and see things you can do with it:
$ npm install
.$ grunt serve
.http://localhost:8008
in your browser.The demo markup is inside index.html
and the related Javascript code can be found at demo/demo.js
.
NOTICE: The demo uses a test search engine but you can use a different one, just change the value of the HASHID
variable you will find inside index.html
.
IMPORTANT: Doofinder protects API calls with CORS. If you change the HASHID
variable defined in index.html
you will have to allow localhost
for your search engine in Doofinder Admin.
IMPORTANT: This is a work in progress.
FAQs
Javascript Library for Doofinder Search API
The npm package doofinder receives a total of 87 weekly downloads. As such, doofinder popularity was classified as not popular.
We found that doofinder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.