Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
global-event-handlers-map
Advanced tools
global-event-handlers-map
GlobalEventHandlers mapped out completely cross browsers
global-event-handlers
GlobalEventHandlers mapped out completely - cross browsers
Using this powerful little tool will map out for you all Global Event Handlers in any browser you'd wish to execute it on.
installation
npm install global-event-handlers-map --save
usage
const getGlobalEventHandlersMap = require('global-event-handlers-map');
const gehsMap = getGlobalEventHandlersMap();
output
a map of all global event listeners in the browser in the following format:
{
'OBJECT': [
'onEVENT1',
'onEVENT2',
'onEVENT3'
]
}
example
const getGlobalEventHandlersMap = require('global-event-handlers-map');
const webSocketGEHsMap = getGlobalEventHandlersMap('WebSocket');
(webSocketGEHsMap == {
"WebSocket": [
"onopen",
"onerror",
"onclose",
"onmessage"
] // results in true
});
here's an example of how to register with your own listener to every global event handler that exists on window!
const windowGEHsMap = getGlobalEventHandlersMap('window')['window'];
for (let i = 0; i < windowGEHsMap.length; i++) {
const geh = windowGEHsMap[i];
window[geh] = (event) => { console.log(event) });
}
options
filter(first optional argument)
allows you to pass a string that must exist within the object in order for it to make it to the final result map:
const getGlobalEventHandlersMap = require('global-event-handlers-map');
const gehsMap = getGlobalEventHandlersMap('*'); // will return a non-filtered map
const gehsMap = getGlobalEventHandlersMap('HTML'); // will return a map that only contains objects that contain the string 'HTML' (such as 'HTMLBodyElement')
const gehsMap = getGlobalEventHandlersMap('Doc'); // will return a map that only contains objects that contain the string 'Doc' (such as 'Document')
default value: '*'
hasOwnProperty(second optional argument)
allows you to pass a boolean that indicates whether iterated object must has iterated property as its own property or not:
const getGlobalEventHandlersMap = require('global-event-handlers-map');
const gehsMap = getGlobalEventHandlersMap('*', true); // will return a map with objects and global event handlers properties that are the object's own properties
const gehsMap = getGlobalEventHandlersMap('*', false); // will return a map with objects and global event handlers properties - whether the properties are the object's own properties or not
default value: true
noEmptyArrays(third optional argument)
allows you to pass a boolean that indicates whether final result object should contain objects that have zero global event handlers or not:
const getGlobalEventHandlersMap = require('global-event-handlers-map');
const gehsMap = getGlobalEventHandlersMap('*', true, true); // will return a map with objects and global event handlers properties only if the object even has any global event handlers
const gehsMap = getGlobalEventHandlersMap('*', true, false); // will return a map with objects and global event handlers properties whether the object has any global event handlers or not
default value: false
debug(fourth optional argument)
allows you to pass a boolean that indicates whether to run module in debug mode or not. debug mode just logs errors in case any are thrown:
const getGlobalEventHandlersMap = require('global-event-handlers-map');
const gehsMap = getGlobalEventHandlersMap('*', true, true, true); // will run in debug mode
const gehsMap = getGlobalEventHandlersMap('*', true, false, false); // will not run in debug mode
default value: false
contribution
in addition to this project there is a website that should show the global event handlers map of every (os + browser) combination that ever existed. in reality however, it shows most of the existing combinations, but not all of them. the maps were extracted using every existing combination in browserstack, but even in browserstack many automatic combinations have failed. also, the extraction script is not automatic and does not run every time there's a new browser/os. contributing to the JSON could help a lot with maintaining the map and keeping it as updated and as accurate as possible. highly appreciated!
FAQs
GlobalEventHandlers mapped out completely cross browsers
The npm package global-event-handlers-map receives a total of 2 weekly downloads. As such, global-event-handlers-map popularity was classified as not popular.
We found that global-event-handlers-map demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 May 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025