Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
easy-keywords
Advanced tools
Simple utility for extracting some high-salience normalized keywords from a string of English text.
Readme
Simple utility for extracting some high-salience normalized keywords from a string of English text.
Install the easy-keywords
npm package:
npm install easy-keywords
or
yarn install easy-keywords
Use the extractKeywords
function to extract keywords from a string.
import { extractKeywords } from "easy-keywords"
const keywords = await extractKeywords("the t-shirt is green and nice and soft, it is well liked by both men and women, great success. my dad loved it when he tried it");
// returns an array of strings: [
// "shirt",
// "men",
// "dad",
// "great",
// "success",
// "nice",
// "green",
// ]
extractKeywords
takes options as a second argument.
max
: Return a maximum of n keywords, like extractKeywords("some phrase", {max: 1})
to get the top scoring keyword from a phrase.easy-keywords
uses TF/IDF to determine term salience, which is a fancy way of saying that terms that occur more frequently in the input text are assumed to be more important. After normalizing each term and identifying which terms have high TF/IDF scores, we filter down to only nouns and verbs to try to get a bit better signal-to-noise.
TF/IDF is the same algorithm that underlies Lucene's and Elasticsearch's idea of search salience and is a good starting point. If you want higher salience, you could put your entire corpus of documents into a search system and use TF/IDF over the whole corpus. This is currently out of scope for easy-keywords
but PRs are welcome!
FAQs
Simple utility for extracting some high-salience normalized keywords from a string of English text.
We found that easy-keywords demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.