
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
Exode is a command-line utility for launching express typescript projects. There's also the option to use simple vanilla javascript. It assists with the initial configuration of things so that you, as the developer, may concentrate on development rather than the boring and repetitive setup for each new project. It is, however, non-opinionated, and you can use any ORM, Linter, or Library you like.
To start an express app with Typescript (which is the default behaviour)
$ npx exode init appname
To use Javascript Instead of Typescript
$ npx exode init appname -js
or
$ npx exode init appname --javascript
FAQs
a cli tool used to kick start express applications
The npm package exode receives a total of 12 weekly downloads. As such, exode popularity was classified as not popular.
We found that exode demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.