
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
hylo-shared
Advanced tools
The purpose of this library is the sharing of critical code between the Hylo Web and Mobile front-ends and the backend. A primary focus at this time is text handling to ensure consistency of storage and presentation across the apps.
src/
and build using yarn build
(or yarn start
to continuously build)yarn test
to run testsyarn link
in the root of this project, then in the root of the target project (e.g. hylo-evo
or HyloReactNative
) run yarn link hylo-shared
. Your changes should now be available within that project wherever you've imported this library.yarn test
yarn build
git push
npm version <patch|minor|major>
. ⚠️ patch versions should never have breaking changes from previous versiongit push --tags
to push the version tags to the originnpm publish
to publish this new version to the NPM registry. This should be published under the hylodevs
NPM account (see password manager for needed credentials)[5.2.5]
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.