Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
send text/html emails and attachments (files, streams and strings) from node.js to any smtp server
send emails, html and attachments (files, streams and strings) from node.js to any smtp server
npm install emailjs
var email = require("./path/to/emailjs/email");
var server = email.server.connect({
  user: "username",
  password: "password",
  host: "smtp.your-email.com",
  ssl: true
});
// send the message and get a callback with an error or details of the message that was sent
server.send({
  text: "i hope this works",
  from: "you <username@your-email.com>",
  to: "someone <someone@your-email.com>, another <another@your-email.com>",
  cc: "else <else@your-email.com>",
  subject: "testing emailjs"
}, function(err, message) { console.log(err || message); });
var email = require("./path/to/emailjs/email");
var server = email.server.connect({
  user: "username",
  password: "password",
  host: "smtp.your-email.com",
  ssl: true
});
var message = {
  text: "i hope this works",
  from: "you <username@your-email.com>",
  to: "someone <someone@your-email.com>, another <another@your-email.com>",
  cc: "else <else@your-email.com>",
  subject: "testing emailjs",
  attachment: [
    {data: "<html>i <i>hope</i> this works!</html>", alternative: true},
    {path: "path/to/file.zip", type: "application/zip", name: "renamed.zip"}
  ]
};
// send the message and get a callback with an error or details of the message that was sent
server.send(message, function(err, message) { console.log(err || message); });
// you can continue to send more messages with successive calls to 'server.send',
// they will be queued on the same smtp connection
// or you can create a new server connection with 'email.server.connect'
// to asynchronously send individual emails instead of a queue
var email = require("./path/to/emailjs/email");
var server = email.server.connect({
  user: "username",
  password: "password",
  host: "smtp-mail.outlook.com",
  // passing an object for tls initiates starttls (see the options list below)
  tls: {ciphers: "SSLv3"}
});
var message = {
  text: "i hope this works",
  from: "you <username@outlook.com>",
  to: "someone <someone@your-email.com>, another <another@your-email.com>",
  cc: "else <else@your-email.com>",
  subject: "testing emailjs",
  attachment: [
    {data: "<html>i <i>hope</i> this works!</html>", alternative: true},
    {path: "path/to/file.zip", type: "application/zip", name: "renamed.zip"}
  ]
};
// send the message and get a callback with an error or details of the message that was sent
server.send(message, function(err, message) { console.log(err || message); });
// options is an object with the following keys
options =
{
  user      // username for logging into smtp
  password  // password for logging into smtp
  host      // smtp host
  port      // smtp port (if null a standard port number will be used)
  ssl       // boolean or object {key, ca, cert} (if true or object, ssl connection will be made)
  tls       // boolean or object (if true or object, starttls will be initiated)
  timeout   // max number of milliseconds to wait for smtp responses (defaults to 5000)
  domain    // domain to greet smtp with (defaults to os.hostname)
}
// message can be a smtp.Message (as returned by email.message.create)
// or an object identical to the first argument accepted by email.message.create
// callback will be executed with (err, message)
// either when message is sent or an error has occurred
// headers is an object ('from' and 'to' are required)
// returns a Message object
// you can actually pass more message headers than listed, the below are just the
// most common ones you would want to use
headers =
{
  text        // text of the email
  from        // sender of the format (address or name <address> or "name" <address>)
  to          // recipients (same format as above), multiple recipients are separated by a comma
  cc          // carbon copied recipients (same format as above)
  bcc         // blind carbon copied recipients (same format as above)
  subject     // string subject of the email
  attachment  // one attachment or array of attachments
}
// can be called multiple times, each adding a new attachment
// options is an object with the following possible keys:
options =
{
  // one of these fields is required
  path         // string to where the file is located
  data         // string of the data you want to attach
  stream       // binary stream that will provide attachment data (make sure it is in the paused state)
               // better performance for binary streams is achieved if buffer.length % (76*6) == 0
               // current max size of buffer must be no larger than Message.BUFFERSIZE
  // optionally these fields are also accepted
  type         // string of the file mime type
  name         // name to give the file as perceived by the recipient
  charset      // charset to encode attachment in
  method       // method to send attachment as (used by calendar invites)
  alternative  // if true, will be attached inline as an alternative (also defaults type='text/html')
  inline       // if true, will be attached inline
  encoded      // set this to true if the data is already base64 encoded, (avoid this if possible)
  headers      // object containing header=>value pairs for inclusion in this attachment's header
  related      // an array of attachments that you want to be related to the parent attachment
}
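The stream note above recommends buffer lengths that are a multiple of 76*6 = 456 bytes. The following added example (not emailjs code and not from the project) shows the base64 arithmetic behind such an alignment: 456 is divisible by 3, so a chunk encodes without padding, and it produces 608 characters, exactly eight 76-character lines. The names `encodeChunks` and `checkAlignment` and the sample buffer are constructed for illustration; that this is the library's reason for the recommendation is an assumption.

```javascript
// Added illustration; not emailjs source code.
const MIME_LINE = 76;            // base64 characters per MIME line
const ALIGNED = MIME_LINE * 6;   // 456 bytes, the multiple named in the stream note

// Encode each chunk on its own, as an encoder with no carry-over between chunks would.
function encodeChunks(buf, chunkSize) {
  const parts = [];
  for (let off = 0; off < buf.length; off += chunkSize) {
    parts.push(buf.subarray(off, off + chunkSize).toString("base64"));
  }
  return parts;
}

// Compare chunk-wise encoding with encoding the whole buffer in one call.
function checkAlignment(buf, chunkSize) {
  const parts = encodeChunks(buf, chunkSize);
  const nonFinal = parts.slice(0, -1);
  return {
    chunkSize,
    // concatenated chunks equal the one-shot encoding only when no chunk needed padding
    matchesWhole: parts.join("") === buf.toString("base64"),
    // '=' before the last chunk means the joined text is no longer one valid base64 stream
    midStreamPadding: nonFinal.some((p) => p.includes("=")),
    // each non-final chunk fills complete 76-character lines, so no re-wrapping is needed
    fullLines: nonFinal.every((p) => p.length % MIME_LINE === 0),
  };
}

// Constructed sample input: 2000 deterministic bytes standing in for a binary attachment.
const sample = Buffer.from(
  Array.from({ length: 2000 }, (_, i) => (i * 31 + 7) % 256)
);

const aligned = checkAlignment(sample, ALIGNED);  // 456-byte chunks
const misaligned = checkAlignment(sample, 100);   // 100 is not a multiple of 3

console.log(aligned);
console.log(misaligned);
```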
eleith
npm install -d
npm test
issues and pull requests are welcome
FAQs
The npm package emailjs receives a total of 16,573 weekly downloads, so its popularity is classified as popular.
We found that emailjs has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.