
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
hugodep is for analyzing the dependencies in a project to see: how each dependency is used, and which dependencies are useless. The same goals as depcheck, but this code works 100% guaranteed without false alarms, with a 2% of their lines of code.
hugodep is for analyzing the dependencies in a project to see: how each dependency is used, and which dependencies are useless. The same goals as depcheck, but this code works 100% guaranteed without false alarms, with a 2% of their lines of code.
Without need of plugins, this tool supports every language and every syntax you can define in the scripts section of the package.json file.
Pass all the package.json scripts that test and build your code. The package.json scripts should have a finish, i.e. modify scripts that are not builders or stay in watch-mode.
For example and tutorial, with create-react-app we have 4 scripts: start, build, test and eject. Modify the test script to have an execution exit:
"scripts": {
"test": "react-scripts test --watchAll=false",
...
}
Then calling npx, analyze the dependencies for the build, test and eject scripts, omitting start script because is an always-on server:
npx hugodep --run build --run test --run eject
This tool requires node.js. If you want faster results use an SSD.
Set --use-yarn
argument for using the faster yarn. Omitting that argument uses npm.
FAQs
hugodep is for analyzing the dependencies in a project to see: how each dependency is used, and which dependencies are useless. The same goals as depcheck, but this code works 100% guaranteed without false alarms, with a 2% of their lines of code.
The npm package hugodep receives a total of 2 weekly downloads. As such, hugodep popularity was classified as not popular.
We found that hugodep demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.