Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
For when you want to run a script in the browser - without opening a browser, and print something of value to the terminal. Why would you ever need to do that? In my case I needed to run various benchmarks in the browser and somehow output the result to the terminal. Reason why it is called Eprint is because we're utilizing Electron under the hood.
First install in your project.
npm install --save-dev eprint
Call eprint
and eprintKill
in your script (Note that both are global functions).
// do some computation
eprint('my script result')
// when script finished execution, call eprintKill to quit
eprintKill()
If you are using TypeScript, include this file in your source so that TypeScript won't complain.
// eprint.d.ts
export {}
declare global {
var eprint: (str: string) => void
var eprintKill: () => void
}
Compile your script and call it with eprint
to execute and print result to terminal.
npm run build && npx eprint dist/my-script.js
You'll probably want to add a script to package.json
for convenience.
"scripts": {
...
"benchmark": "npm run build-benchmark && eprint dist/benchmark.js"
}
If you want to open developer tools for debugging, add --debug
flag:
npm run build && npx eprint --debug dist/my-script.js
Print given string to the terminal. You can replace console.log
with this function. Only caveat is it won't automatically print object so maybe call JSON.stringify
prior.
Take no argument. Call this function when your script finished execution to stop Eprint process.
FAQs
Run your script in Electron and print to terminal
The npm package eprint receives a total of 0 weekly downloads. As such, eprint popularity was classified as not popular.
We found that eprint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.