
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
A set of small and fast Node.js utilities to understand your pathing needs.
Multiple submodules (eg, empathic/find) are offered, each of which are:
node:* native APIs$ npm install empathic
import { resolve } from 'node:path';
import * as find from 'empathic/find';
import * as pkg from 'empathic/package';
// Assumed example structure:
let cwd = resolve('path/to/acme/websites/dashboard');
// Find closest "foobar.config.js" file
let file = find.up('foobar.config.js', { cwd });
//=> "/.../path/to/acme/foobar.config.js"
// Find closest "package.json" file
let pkgfile = pkg.up({ cwd });
//=> "/.../path/to/acme/package.json"
// Construct (optionally create) "foobar" cache dir
let cache = pkg.cache('foobar', { cwd, create: true });
//=> "/.../path/to/acme/node_modules/.cache/foobar"
empathic/accessSource · Size:
259b
Check for file access/permissions. Named fs.accessSync shortcuts.
empathic/findFind files and/or directories by walking up parent directories.
empathic/packageConvenience helpers for dealing with package.json files and/or node_modules packages.
empathic/resolveResolve absolute paths to package identifiers, relative paths, file URL, and/or from other root directories.
empathic/walkCollect all the parent directories of a target. Controlled via cwd and last options.
MIT © Luke Edwards
FAQs
A set of small and fast Node.js utilities to understand your pathing needs.
The npm package empathic receives a total of 17,811,147 weekly downloads. As such, empathic popularity was classified as popular.
We found that empathic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.