
hotcode is a local development tool that watches a local file path for changes and reloads your web project whenever a file under that path changes.
This means you don't have to hit refresh after every edit, and when the changed file is a CSS file it refreshes just the stylesheet without losing the state of the current page.
Since it is a completely separate tool, you don't have to integrate it into your project's backend, and it works with any language.
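To make the CSS case concrete, here is an added example written for this page (not code from hotcode) of refreshing stylesheets in place when a watched CSS file changes. The _hc query parameter, the function names and the constructed document stand-in are this example's assumptions; the point is that only the stylesheet href changes, so the DOM and script state survive.

```javascript
// Added example, not hotcode's own code: refresh stylesheets in place after
// a CSS change so the page keeps its DOM and script state instead of reloading.
// The _hc parameter name and the function names are this example's choices.

// Make the browser refetch one stylesheet by setting a cache-busting query
// parameter. base is the page URL the href resolves against; the result is an
// absolute URL that can be assigned straight to link.href.
function cacheBustHref(href, version, base) {
  const u = new URL(href, base);
  u.searchParams.set('_hc', String(version));
  return u.href;
}

// Re-point every same-origin <link rel="stylesheet"> whose URL path ends with
// the changed file's path relative to the watch root (e.g. "css/app.css").
// Cross-origin sheets are skipped: the dev server did not change them.
// Returns the new hrefs that were written, for logging or testing.
function reloadStylesheetsFor(doc, changedRelPath, version, base) {
  const origin = new URL(base).origin;
  const suffix = '/' + changedRelPath.replace(/^\/+/, '');
  const rewritten = [];
  for (const link of doc.querySelectorAll('link[rel="stylesheet"]')) {
    const current = new URL(link.href, base);
    if (current.origin !== origin || !current.pathname.endsWith(suffix)) continue;
    link.href = cacheBustHref(current.href, version, base);
    rewritten.push(link.href);
  }
  return rewritten;
}

// Constructed stand-in for `document` so the logic also runs outside a browser.
function fakeDocument(links) {
  return { querySelectorAll: () => links.filter((l) => l.rel === 'stylesheet') };
}

// In a real page this would be called from the change notification as:
// reloadStylesheetsFor(document, 'css/app.css', Date.now(), location.href)
```

Only stylesheets served from the same origin as the page are touched, so a CDN stylesheet that the dev server never changed is not refetched on every save.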
Install and start it from a terminal:

npm install hotcode
hotcode

Then open http://host:port in a browser (the page lists 8080 as the default port and vhost.local as the default host) and:

1) Enter the project URL, for example http://projectname.mydomain.com, in the "Url" input and press return.
2) Enter the path to watch, for example /var/www/projectname/, in the "Watch path" input and press return.

The port and host can be changed on the command line, for example:

hotcode -p 8000 -u vhost.local -s

(-p sets the port and -u the host name; the page gives no description of the -s flag.)
You can add a helper file so that you don't have to enter the watch path every time you enter a URL.
Create ~/.hotcode with content like:
module.exports = [
  {
    // Anchored, with the literal dots escaped so "." cannot match any character;
    // the capture is a single host label, so it can never contain "/" or "..".
    'regex': /^http:\/\/([^./:]+)\.mydomain\.com(?:[:/]|$)/
    // Map the captured subdomain to its document root under /var/www.
  , 'watches': function(regexMatches, callback) {
      callback(null, '/var/www/' + regexMatches[1]);
    }
  }
];
With this in place hotcode fills in /var/www/subdomain automatically whenever you enter a URL matching the supplied regex.
Keep the regex tight: the callback builds a filesystem path from whatever the regex captures, so escape literal dots and keep slashes and dots out of the capture group, otherwise a typo or a crafted URL can map to a directory you never meant to watch.
Add http://yourhost:8080/static/injected.js as a script tag on your project page, or inject it with an HTTP proxy such as GlimmerBlocker. The injected script runs with the full privileges of the page it is added to, so only load it from a host you control and never ship the tag to production.
<script src="http://yourhost:8080/static/injected.js" type="text/javascript"></script>
// Alternatively, inject the tag from JavaScript (a bookmarklet or a proxy rule):
var hcH = document.getElementsByTagName('head').item(0);
var hcS = document.createElement('script');
hcS.type = 'text/javascript';
hcS.src = 'http://yourhost:8080/static/injected.js';
hcH.appendChild(hcS);
Package summary (from Socket): File monitor script for local development. At the time the page was captured, hotcode had about 8 weekly downloads (Socket classifies it as not popular), a single maintainer, and its last release a year earlier, which Socket flags as an unhealthy release cadence.