Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
get-proxy-settings
Advanced tools
Note: This project is not actively maintained. If some issues come up we'll look into fixing them but new features will most likely not make it.
System Proxy
This library support
- Reading proxy settings from the
HTTP_PROXYorHTTPS_PROXYenvironment variables - Reading proxy settings from the
HTTP_PROXYorHTTPS_PROXYnode configuration - Retrieving the settings from the internet settings on Windows in the registry
- Validating the connection and asking for credentials if needed
- Note that it doesn't support every proxy system. If you are using electron it is recommended to use electron/chromium built in proxy support which is much more advanced.
Install
npm install --save get-proxy-settings
Usage
Import
// With named import
import { getProxySettings, getAndTestProxySettings } from "get-proxy-settings";
// Or with commonjs
const { getProxySettings, getAndTestProxySettings } = require("get-proxy-settings");
Use
async function basic() {
const proxy = await getProxySettings();
console.log("proxy", proxy.http, proxy.https);
}
// Get and validate the proxy settings
async function withValidation() {
async function login() {
// Do any async operation to retrieve the username and password of the user(prompt?)
return {username: "abc", password: "123"}
}
const proxy = await getAndTestProxySettings(login);
console.log("proxy", proxy.http, proxy.https);
}
Config
Update the test url (Which url is used to validate the proxy)
import { defaults } from "get-proxy-settings";
defaults.testUrl = "https://example.com";
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Credits
- Timothee Guerin
- Adar Zandberg from the CxSCA AppSec team at Checkmarx. (Finding Command injection vulnerability)
Keywords
FAQs
Retrieve proxy settings specified by the system
The npm package get-proxy-settings receives a total of 2,495 weekly downloads. As such, get-proxy-settings popularity was classified as popular.
We found that get-proxy-settings demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 23 Feb 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025