
fetcher(recipeNameOrNames, [options], [callback])
Fetcher is a library that downloads assets and then places them, relative to some cwd, wherever a recipe specifies.
var fetcher = require('fetcher');
fetcher('backbone', function(er){
  if(er) { throw er; }
});
The above will:
{type: "recipe", name: "underscore"}
)vendor/js/backbone.js
An optional options argument can be passed as a second parameter of fetcher(). The defaults worth concerning yourself with follow:
{
  recipeRepo: "git@github.com:linemanjs/fetcher-recipes.git",
  cwd: process.cwd()
}
That means you can use Fetcher with your own custom tool ecosystem by defining your own recipe repo. You can also define cwd to whatever you like in order to install assets relative to whatever path you're interested in.
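Because a recipe decides where files land relative to cwd, a caller who points recipeRepo at a repository they do not control may want to confirm that each destination stays under cwd before anything is written. The following is an added example, not code from fetcher: resolveInsideCwd and contains are hypothetical helpers, and it assumes a recipe destination is a relative path string such as vendor/js/backbone.js.

```javascript
// Added example; these helpers are hypothetical and not part of fetcher.
const path = require('path');
const fs = require('fs');

// True when candidate is root itself or lies somewhere beneath it.
function contains(root, candidate) {
  const rel = path.relative(root, candidate);
  return rel === '' || (rel.split(path.sep)[0] !== '..' && !path.isAbsolute(rel));
}

// Resolve a recipe-supplied destination against cwd and refuse anything
// that would land outside it. Assumption: destinations are relative path
// strings such as "vendor/js/backbone.js".
function resolveInsideCwd(cwd, dest) {
  if (typeof dest !== 'string' || dest.length === 0 || dest.includes('\0')) {
    throw new Error('invalid destination');
  }
  if (path.isAbsolute(dest)) {
    throw new Error('absolute destination rejected: ' + dest);
  }
  const root = path.resolve(cwd);
  const target = path.resolve(root, dest);

  // Lexical check: "../" segments must not climb out of cwd, and the
  // destination must be a path below cwd, not cwd itself.
  if (target === root || !contains(root, target)) {
    throw new Error('destination escapes cwd: ' + dest);
  }

  // Symlink check: the nearest directory that already exists on disk must
  // still resolve to a location under the real cwd.
  let existing = path.dirname(target);
  while (!fs.existsSync(existing)) {
    existing = path.dirname(existing);
  }
  if (!contains(fs.realpathSync(root), fs.realpathSync(existing))) {
    throw new Error('destination passes through a link leaving cwd: ' + dest);
  }
  return target;
}

// Constructed sample input: the destination quoted in this README.
console.log(resolveInsideCwd(process.cwd(), 'vendor/js/backbone.js'));
```

The check is done on the resolved path rather than on the raw string, so a destination like vendor/js/../js/backbone.js is accepted while one that climbs out of cwd is rejected.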
fetcher currently has no automated tests. To get any feedback, I recommend cloning or starting a recipes repo to work against, then running fetcher out of its own directory and manually inspecting results:
$ node
> require('./index')('google-analytics', {recipeRepo: "/Users/justin/code/linemanjs/fetcher-recipes"}, function(err) { console.log("errors!", err); })
Then inspect vendor/js/google-analytics.js to confirm it is how it should be, given that recipe.
FAQs
Fetches libraries based on a JSON recipe in a remote repository
The npm package fetcher receives a total of 5,073 weekly downloads. As such, fetcher's popularity was classified as popular.
We found that fetcher demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.