![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
gitlogplus
Advanced tools
Readme
Git log parser for Node.JS
npm install gitlog --save
const gitlog = require('gitlog');
const options =
{ repo: __dirname + '/test-repo-folder'
, number: 20
, author: 'Dom Harrington'
, fields:
[ 'hash'
, 'abbrevHash'
, 'subject'
, 'authorName'
, 'authorDateRel'
]
, execOptions:
{ maxBuffer: 1000 * 1024
}
};
// Asynchronous (with Callback)
gitlog(options, function(error, commits) {
// Commits is an array of commits in the repo
console.log(commits)
});
// Synchronous
let commits = gitlog(options);
console.log(commits);
See git log
The location of the repo, required field.
The number of commits to return, defaults to 10.
Show commits more recent than a specific date.
Show commits older than a specific date.
Limit the commits output to ones with author/committer header lines that match the specified pattern.
Below fields was returned from the log:
This option is enabled by default.
Much more likely to set status codes to 'C' if files are exact copies of each other.
This option is disabled by default.
Find commits on all branches instead of just on the current one.
This option is disabled by default.
Show only commits in the specified branch or revision range.
By default uses the current branch and defaults to HEAD
(i.e. the whole history leading to the current commit).
Type: Object
Specify some options to be passed to the .exec() method:
cwd
String Current working directory of the child processenv
Object Environment key-value pairssetsid
Booleanencoding
String (Default: 'utf8')timeout
Number (Default: 0)maxBuffer
Number (Default: 200*1024)killSignal
String (Default: 'SIGTERM')An array of fields to return from the log, here are the possible options:
Defaults to 'abbrevHash', 'hash', 'subject' and 'authorName'.
This module works by executing a child process (using child_process.exec()
) to the git
executable, then parsing the stdout into commits. This is done using the --pretty
command line option which allows you to provide a custom formatter to git log
. To enable easy parsing the format is delimited by a tab (\t
) character.
{ hash: '6a7ef5e3b3d9c77743140443c8f9e792b0715721',
abbrevHash: '6a7ef5e',
treeHash: 'f1bf51b15b48a00c33727f364afef695029864c0',
abbrevTreeHash: 'f1bf51b',
parentHashes: 'cfe06dbdb8d0a193640977e016a04678f8f3b04f',
abbrevParentHashes: 'cfe06dbdb8d0a193640977e016a04678f8f3b04f',
authorName: 'Dom Harrington',
authorEmail: 'dom@harringtonxxxxx',
authorDate: '2015-04-09 09:39:23 +0100',
authorDateRel: '6 days ago',
committerName: 'Dom Harrington',
committerEmail: 'dom@harringtonxxxxx',
committerDate: 'Thu Apr 9 09:39:23 2015 +0100',
committerDateRel: '6 days ago',
subject: '1.0.0',
status: [ 'M' ],
files: [ 'package.json' ] }
FAQs
Unknown package
The npm package gitlogplus receives a total of 13 weekly downloads. As such, gitlogplus popularity was classified as not popular.
We found that gitlogplus demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.