immp
This is an Express middleware for manipulating images with ImageMagick/GraphicsMagick. You can also set it up to act as a proxy.
This is very useful for web development where thumbnails and cropping are needed. Instead of doing it by hand, just specify the size and ratio in the URL.
http://localhost:3000/im/?image=test.jpg&crop=16x9&resize=200x113
Install the immp module with
npm install --save immp
You will also need either ImageMagick or GraphicsMagick installed.
On Linux, install them using:
sudo apt-get install imagemagick graphicsmagick
or on Mac:
brew install imagemagick
brew install graphicsmagick
In your app.js (assuming a standard express.js setup), add the following lines.
var os = require('os'); // needed for os.tmpdir() below
var immp = require('immp');

app.use('/im/*', immp({
  ttl: 1000 * 60 * 60 * 24 * 7, // 1 week
  imageMagick: true,
  graphicsMagick: true,
  cacheFolder: os.tmpdir(),
  allowProxy: false, // proxy mode off
  imageDir: process.cwd()
}));
All of the config variables are optional and default to the values in the example above.
Crop an image to 16:9
http://localhost:3000/im/?image=test.jpg&crop=16x9
Resize an image to 100x100
http://localhost:3000/im/?image=test.jpg&resize=100x100
Resize to 100x100 and change the ratio to 1:1
http://localhost:3000/im/?image=test.jpg&crop=1x1&resize=100x100
If you enable proxy mode, you can proxy images from other services like Amazon S3
http://localhost:3000/im/?http://s3.amazonaws.com/yourbucket/youimg.png&crop=1x1
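Proxy mode makes the server fetch a URL supplied by the client, and this README does not say whether immp restricts upstream hosts or the image path. The following guard is an added example, not part of immp: it validates both URL forms shown above before the request reaches immp. The host allowlist, the four-digit dimension limit and the names checkImageRequest and immpGuard are assumptions.

```javascript
// Added example, not part of immp: a guard to mount before immp on the same route.
// Assumption: s3.amazonaws.com is the only upstream this deployment proxies.
const ALLOWED_PROXY_HOSTS = new Set(['s3.amazonaws.com']);
const DIMENSIONS = /^[1-9]\d{0,3}x[1-9]\d{0,3}$/; // shape of 16x9, 200x113
const deny = (reason) => ({ ok: false, reason });

// Validate one request URL in the two query formats the README shows.
function checkImageRequest(originalUrl) {
  const q = originalUrl.indexOf('?');
  if (q === -1) return deny('missing query');
  let sources = 0;
  for (const raw of originalUrl.slice(q + 1).split('&')) {
    let part;
    try { part = decodeURIComponent(raw); } catch (e) { return deny('bad encoding'); }
    if (/^https?:\/\//i.test(part)) { // proxy form: ?http://host/path&crop=1x1
      sources++;
      let u;
      try { u = new URL(part); } catch (e) { return deny('bad proxy url'); }
      if (u.username || u.password || u.port) return deny('bad proxy url');
      if (!ALLOWED_PROXY_HOSTS.has(u.hostname)) return deny('host not allowed');
      continue;
    }
    const eq = part.indexOf('=');
    const key = eq === -1 ? part : part.slice(0, eq);
    const value = eq === -1 ? '' : part.slice(eq + 1);
    if (key === 'image') { // local form: ?image=test.jpg, relative to imageDir
      sources++;
      const segments = value.split('/');
      if (!value || value.startsWith('/') || /[\\\0]/.test(value) || segments.includes('..')) {
        return deny('bad image path');
      }
    } else if (key === 'crop' || key === 'resize') {
      if (!DIMENSIONS.test(value)) return deny('bad dimensions');
    } else {
      return deny('unknown parameter');
    }
  }
  return sources === 1 ? { ok: true } : deny('need exactly one image source');
}

// Express-style middleware: app.use('/im/*', immpGuard, immp({ allowProxy: true }));
function immpGuard(req, res, next) {
  const verdict = checkImageRequest(req.originalUrl);
  if (verdict.ok) return next();
  res.statusCode = 400;
  res.end(verdict.reason);
}
```

The guard fails closed: any parameter it does not recognise, including a proxied URL that itself contains `&`, is rejected with a 400.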
If you want to help contribute (thank you), there is an included server and test images in the that will help you. No automated unit tests yet though.
Setup with
git clone git@github.com:garrows/IMMP.git
cd IMMP
npm install
npm start
Now go to http://localhost:3000/
For faster development, run these 2 commands in different windows
nodemon
live-reload --port=35729 --delay=600
FAQs
Unknown package
The npm package immp receives a total of 0 weekly downloads. As such, immp's popularity was classified as not popular.
We found that immp demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.