Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
imagemanipulatorly
Advanced tools
Transform your images programmatically with ease using the image-manipulator npm package. This package provides several functionalities to manipulate images in various ways.
This template provides a minimal setup to get React and Aleo working in Vite with HMR and some ESLint rules.
This template includes a Leo program that is loaded by the web app located in
the helloworld
directory.
Note: Webpack is currently used for production builds due to a bug with Vite related to nested workers.
npm run dev
Your app should be running on http://localhost:5173/
Copy the helloworld/.env.example
to helloworld/.env
(this will be ignored
by Git):
cd helloworld
cp .env.example .env
Replace PRIVATE_KEY=user1PrivateKey
in the .env
with your own key (you
can use an existing one or generate your own at https://aleo.tools/account)
Follow instructions to install Leo here: https://github.com/AleoHQ/leo
You can edit helloworld/src/main.leo
and run leo run
to compile and update the
Aleo instructions under build
which are loaded by the web app.
[!WARNING]
This is for demonstration purposes or local testing only, in production applications you should avoid building a public facing web app with private key information
Information on generating a private key, seeding a wallet with funds, and finding a spendable record can be found here if you are unfamiliar: https://developer.aleo.org/testnet/getting_started/deploy_execute_demo
Aleo programs deployed require unique names, make sure to edit the program's name to something unique in helloworld/src/main.leo
, helloworld/program.json
, rename helloworld/inputs/helloworld.in
and rebuild.
In the worker.js
file modify the privateKey to be an account with available
funds
// Use existing account with funds
const account = new Account({
privateKey: "user1PrivateKey",
});
(Optional) Provide a fee record manually (located in commented code within worker.js
)
If you do not provide a manual fee record, the SDK will attempt to scan for a record starting at the latest block. A simple way to speed this up would be to make a public transaction to this account right before deploying.
Run the web app and hit the deploy button
npm run build
Upload dist
folder to your host of choice.
DOMException: Failed to execute 'postMessage' on 'Worker': SharedArrayBuffer transfer requires self.crossOriginIsolated
If you get a warning similar to this when deploying your application, you need to make sure your web server is configured with the following headers:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
We've included a _headers
file that works with some web hosts (e.g. Netlify)
but depending on your host / server setup you may need to configure the headers
manually.
FAQs
Transform your images programmatically with ease using the image-manipulator npm package. This package provides several functionalities to manipulate images in various ways.
The npm package imagemanipulatorly receives a total of 3 weekly downloads. As such, imagemanipulatorly popularity was classified as not popular.
We found that imagemanipulatorly demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.