
Escaper is a small JavaScript library to replace string literals, regular expressions, and comments from the JavaScript syntax.
Supports:
' ... '
" ... "
` ... `, ` ... ${...} `
/ ... /
// ..., //* ..., //! ..., //# ..., //@ ..., //$ ...
/* ... */, /** ... */, /*! ... */, /*# ... */, /*@ ... */, /*$ ... */
https://raw.githubusercontent.com/kobezzza/Escaper/master/dist/escaper.min.js
or
npm install escaper
or
bower install escaper
or
git clone https://github.com/kobezzza/Escaper
const
  str = 'Hello "world" and \'friends\'',
  content = [];
// Replaces all found matches
// 'Hello __ESCAPER_QUOT__0_ and __ESCAPER_QUOT__1_'
Escaper.replace(str, content)
// Replaces only single quotes
// 'Hello "world" and __ESCAPER_QUOT__0_'
Escaper.replace(str, ["'"])
// Cuts all found matches
// 'Hello and '
Escaper.replace(str, -1)
// Replaces all and cuts single quotes
// 'Hello __ESCAPER_QUOT__0_ and '
Escaper.replace(str, {"'": -1})
// Replaces all but strings
// 'Hello __ESCAPER_QUOT__0_ and \'friends\''
Escaper.replace(str, {strings: false})
// Replaces all, but strings can be only single quotes
// 'Hello "world" and __ESCAPER_QUOT__0_'
Escaper.replace(str, {strings: ["'"]})
// Replaces all, but strings can be only single quotes and it will be cut
// 'Hello "world" and '
Escaper.replace(str, {strings: {"'": -1}})
// Replaces all found escape blocks to a real content
// 'Hello "world" and \'friends\''
Escaper.paste(str, content);
Replaces all found blocks ' ... ', " ... ", ` ... `, / ... /, // ..., /* ... */ to escape blocks from the specified string and returns a new string.
Arguments
string str — source string;
string[] | Record<string, string[] | Record<string, boolean | -1> | false | -1> | false | -1 how? — parameters:
Possible values
If a value is set to -1, then all found matches will be removed from the final string. If the value is set to boolean it will be replaced/passed.
// Label of replacement, by default __ESCAPER_QUOT__${pos}_
'label'
// Singleline comment
'singleComments'
// Multiline comments
'multComments'
// All kinds of comments
'comments'
// All kinds of strings
'strings'
// All kinds of literals (except strings and comments)
'literals'
// Literals
"'"
'"'
'`'
'/'
'//'
'//*'
'//!'
'//#'
'//@'
'//$'
'/*'
'/**'
'/*!'
'/*#'
'/*@'
'/*$'
The parameters can be specified as an array (escapes only explicitly specified sequences) or like an object (disables/excludes by a literal or group). Also, if you set the parameter value as -1, then all found sequences will be removed from the string.
string[] store = Escaper.content — store for matches.

Replaces all found escape blocks to real content from the specified string and returns a new string.
Arguments
string str — source string;
string[] store = Escaper.content — store of matches;
RegExp rgxp? — RegExp to search, e.g. /__ESCAPER_QUOT__(\d+)_/g.

The MIT License.
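The replace/paste round trip described above, as an added sketch that is not Escaper's own code: it masks quoted strings and comments behind the `__ESCAPER_QUOT__${pos}_` label so a source scan only sees real code, then restores them. The names `maskLiterals`, `pasteLiterals` and `countInCode` are hypothetical, the sample input is constructed, and template strings and regex literals are left out.

```javascript
// Added illustration, not Escaper's source: maskLiterals/pasteLiterals are
// hypothetical names; template strings and regex literals are not handled.
const LABEL = /__ESCAPER_QUOT__(\d+)_/g;
function maskLiterals(src, store = []) {
  let out = '';
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    let end = -1;
    if (ch === "'" || ch === '"') {
      // Scan to the matching quote, skipping backslash-escaped characters.
      let j = i + 1;
      while (j < src.length && src[j] !== ch) j += src[j] === '\\' ? 2 : 1;
      end = Math.min(j + 1, src.length);
    } else if (src.startsWith('//', i)) {
      const nl = src.indexOf('\n', i); // line comment stops before the newline
      end = nl === -1 ? src.length : nl;
    } else if (src.startsWith('/*', i)) {
      const close = src.indexOf('*/', i + 2);
      end = close === -1 ? src.length : close + 2;
    }
    if (end === -1) {
      out += ch;
      i += 1;
    } else {
      // Park the literal in the store and leave a numbered label behind.
      out += `__ESCAPER_QUOT__${store.length}_`;
      store.push(src.slice(i, end));
      i = end;
    }
  }
  return out;
}

function pasteLiterals(str, store, rgxp = LABEL) {
  return str.replace(rgxp, (m, pos) => (pos in store ? store[pos] : m));
}

// Constructed sample: eval( appears in a string, two comments, and once in code.
const sample = [
  'const msg = "do not call eval(x)"; // eval(x) is banned',
  '/* legacy: eval(y) */',
  "run(eval(input), 'it\\'s');",
].join('\n');
// Count occurrences of `needle` in code only, ignoring strings and comments.
function countInCode(src, needle) {
  return maskLiterals(src, []).split(needle).length - 1;
}
```

In this sketch, source text that already contains a label-shaped token outside a string or comment is also substituted by `pasteLiterals`, so the store and the masked text have to come from the same `maskLiterals` call.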
FAQs
The npm package escaper receives a total of 2,904 weekly downloads. As such, escaper popularity was classified as popular.
We found that escaper demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.