
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Executes npm commands within a child_process spawn in order to prevent npm to take too much memory
Executes npm within a child_process spawn in order to prevent npm to take too much memory in the current one.
This module has been created to free the Kevoree Node.js runtime from npm's heavy memory usage.
** :warning: This module needs to be able to access the npm
executable in the PATH (if you have npm installed globally, then it should be ok)**
npm i exec-npm --save
var execNpm = require('exec-npm');
// arguments to give to npm client
// this is equivalent to a call to:
// $ cd /where/to/install/modules
// $ npm install minimist async express
var cmd = [ 'install', 'minimist', 'async', 'express', '--prefix=/where/to/install/modules' ];
execNpm(cmd, function (err) {
if (err) {
console.log('Something went wrong: '+err.message);
} else {
console.log('Success');
}
});
NB. When you specify a
prefix
,npm
will always append to it thenode_modules
folder.
execNpm(args, options, callback): Function
FAQs
Executes npm commands within a child_process spawn in order to prevent npm to take too much memory
The npm package exec-npm receives a total of 7 weekly downloads. As such, exec-npm popularity was classified as not popular.
We found that exec-npm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.