Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
eth-mutants
Advanced tools
eth-mutants is a mutation testing tool for Solidity contracts.
npm install eth-mutants
The `preflight` command will show the number of possible mutations found
and print some compact diffs for each mutation. Use this to understand
how long it may take to visit all mutations and please report any invalid
ones.
The test
command will start applying mutations and running your tests to
check if they pass. It will report the result of each mutation.
eth-mutants test
This tools makes some important assumptions about your workspace, which should hold true for most Truffle-based projects, but I plan on adding options to override them soon:
contracts/
directorynpm test
which returns a non-zero error code in
case of failure.The only mutation implemented at the moment is called boundary-condition
and replaces <
adn >
for <=
and >=
and vice-versa. Contributions for
mutators are especially welcomed.
Federico Bond
MIT
FAQs
A mutation testing tool for Solidity contracts
The npm package eth-mutants receives a total of 162 weekly downloads. As such, eth-mutants popularity was classified as not popular.
We found that eth-mutants demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.