![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
globals
Advanced tools
Package description
The 'globals' npm package provides a collection of global identifiers for various JavaScript environments. It's useful for linting purposes to define a set of global variables that are considered to be legal and expected in a given environment, such as browser, Node.js, or other environments like testing frameworks.
Environment-specific globals
This feature allows you to specify a set of globals for browser environments. When set to true, it includes all the global variables that are expected to be available in a browser context, such as 'window', 'document', etc.
{"browser": true}
Node.js globals
This feature provides a list of global variables specific to Node.js, such as 'global', 'process', 'Buffer', etc. It's useful when you're working in a Node.js environment and want to ensure your linting tools are aware of these globals.
{"node": true}
CommonJS globals
This feature includes globals related to the CommonJS module system, such as 'require', 'exports', and 'module'. It's helpful when working with CommonJS modules to avoid linting errors related to these global identifiers.
{"commonjs": true}
ES6 globals
This feature includes new global variables introduced in ES6/ES2015, like 'Promise', 'Set', 'Map', etc. It's useful for projects that are using ES6 features and want to ensure that these new globals are recognized by linting tools.
{"es6": true}
Testing framework globals
This feature provides globals for the Mocha testing framework, such as 'describe', 'it', 'beforeEach', etc. It's useful for projects that use Mocha for testing to prevent linting errors related to Mocha's global variables.
{"mocha": true}
ESLint is a popular linting tool for JavaScript and JSX. While not a direct alternative to 'globals', it uses the concept of environments, which can be configured to include global variables for specific environments, similar to what 'globals' provides. ESLint is more comprehensive as it includes not only global variable definitions but also a wide range of linting rules for code quality and style.
JSHint is another linting tool that can be configured to recognize global variables in different environments. Like 'globals', it allows you to specify which global variables are allowed in your code to prevent linting errors. JSHint is less customizable than ESLint but serves a similar purpose in managing global variables for linting.
Tern is a stand-alone code-analysis engine for JavaScript that, among other features, can be used to recognize global variables in different environments. While it is not a linting tool per se, it provides functionality that overlaps with 'globals' by understanding the scope and context of code, including global variables.
Readme
Global identifiers from different JavaScript environments
Extracted from JSHint and ESLint and merged.
It's just a JSON file, so use it in whatever environment you like.
Download manually or with a package-manager.
npm install --save globals
bower install --save globals
component install sindresorhus/globals
var globals = require('globals');
console.log(globals.browser);
/*
{
addEventListener: false,
applicationCache: false,
ArrayBuffer: false,
atob: false,
...
}
*/
MIT © Sindre Sorhus
FAQs
Unknown package
We found that globals demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.