
WIP: Parts of this repo don't work properly yet. If something is crashing dumbjs and it doesn't seem like an intentional dumbjs-originated limitation, file an issue!
A first pass for js2cpp. Uses browserify's dependencies to flatten the dependency tree into a single file, then makes the file not use closures at all by implementing closures in pure JavaScript.
This was created because I found it too hard to implement closures in js2cpp, then it became clear that it would be much better to implement them at the JavaScript level, and make the current js2cpp just work on a simple subset of JavaScript.
So I made dumbjs. It turns JavaScript into a simpler subset of itself. The most important transformations:
This document has been invaluable in understanding the difficulties and nuances of implementing closures, and describes complicated problems in a way that's easily understandable.
This Wikipedia article describes the main problem of implementing closures, and why you can't store functions and their closures on the stack if you want functions in your language to be first-class.
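The closure problem described above, as an added example that is not dumbjs's code or output: a closure-using function next to a hand-converted, closure-free equivalent. The names `Env`, `BoundFn`, `call` and the `*_lifted` functions are hypothetical, and the scheme shown is the general closure-conversion technique, assumed here rather than taken from dumbjs.

```javascript
// Added illustration of closure conversion in general; not dumbjs output.
// Env, BoundFn, call and the *_lifted names are hypothetical.

// Original style: `count` is captured by the two inner functions.
function makeCounterClosure(start) {
  let count = start;
  return {
    next: function () { count += 1; return count; },
    peek: function () { return count; },
  };
}

// Converted style: no function below reads a variable of an enclosing function.
// Captured variables live in a heap-allocated environment record, not a stack frame,
// so they survive after the function that created them has returned.
function Env(parent) {
  this.parent = parent;            // enclosing scope's record, for nested captures
  this.vars = Object.create(null); // the captured variables themselves
}

// A first-class function value becomes a pair: top-level code plus its environment.
function BoundFn(code, env) {
  this.code = code;
  this.env = env;
}

// Calling such a value passes the environment as an explicit first argument.
function call(fn, ...args) {
  return fn.code(fn.env, ...args);
}

// Lifted bodies: plain top-level functions with no free variables.
function next_lifted(env) { env.vars.count += 1; return env.vars.count; }
function peek_lifted(env) { return env.vars.count; }

function makeCounterFlat(start) {
  const env = new Env(null);
  env.vars.count = start;          // was: let count = start
  return {
    next: new BoundFn(next_lifted, env),
    peek: new BoundFn(peek_lifted, env),
  };
}

// Two counters keep independent state even though makeCounterFlat has returned.
function demo() {
  const a = makeCounterFlat(10);
  const b = makeCounterFlat(100);
  call(a.next); call(a.next); call(b.next);
  return [call(a.peek), call(b.peek)];
}
```
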
FAQs
The npm package dumbjs receives a total of 2 weekly downloads. As such, dumbjs popularity was classified as not popular.
We found that dumbjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.