
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
haluo-util
Advanced tools
哈罗摩托工具库
npm publish
npm unpublish --force // 强制删除
npm unpublish haluo-util@0.0.0 // 指定版本号
npm install -D haluo-util
// npm install -D @types/haluo-util # 使用ts构建时
// 挂载的方式(推荐)
import util from 'haluo-util'
util.install(Vue)
this.$date、this.$match、this.$number、this.$tools
// 方式一
import { date, filter, match, number, tools } from 'haluo-util' // 全量引用
// 方式二
import match from 'haluo-util/dist/modules/match' // 局部引用
// 方式三
const date = require('haluo-util').date // 全量引用
// 方式四
import haluoUtil from 'haluo-util' // 全量引用
date.formatPassTime(1586840260500)
import { date } from 'haluo-util';
date.format(new Date()) // 默认格式 'yyyy-MM-dd hh:mm:ss'
date.format(new Date(), 'yyyy:MM:dd') // 自定义格式 'yyyy.MM.dd'
常用函数工具库(防抖、节流、正则类型检测、深浅拷贝等)
import { tools } from 'haluo-util';
methods: {
sumbit: tools.debounce(func, 300)(args),
}
throttle : 节流
deepCopy :拷贝
import { match } from 'haluo-util';
支持类型有ip、phone(手机号码)、email(邮箱)、IDCard(身份证)、url(网址)、number(数字)
match.checkType('13111111111', 'phone') //检测手机
match.checkType('wanghui@jddmoto.com', 'email') //检测邮箱
捕获异常信息
import { sentry } from 'haluo-util';
const option = {
dsn: http://753ce3bf82e94ab0aa7b5e62fae16d3c@sentry.***.com:9000/2
}
const Sentry = sentry.getInstance(Vue, option);
Vue.prototype.$sentry = sentry;
this.$sentry.log('test');
FAQs
The npm package haluo-util receives a total of 5 weekly downloads. As such, haluo-util popularity was classified as not popular.
We found that haluo-util demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.