
ip-address
ip-address is a library for validating and manipulating IPv4 and IPv6
addresses in JavaScript.
The dependency on jsbn was removed thanks to michal-kocarek. Thanks Michal! For clarity, all methods with BigInteger in the name were renamed to BigInt.
#fromBigInteger() → #fromBigInt(); now returns a native BigInt
#bigInteger() → #bigInt(); now returns a native BigInt
Documentation is available at ip-address.js.org.
var Address6 = require('ip-address').Address6;
var address = new Address6('2001:0:ce49:7601:e866:efff:62c3:fffe');
var teredo = address.inspectTeredo();
teredo.client4; // '157.60.0.1'
Address6.fromURL(url)
::ffff:192.168.0.1)
The 'ip' package provides basic utilities for IP address manipulation, including subnet calculations and IP version checking. It's simpler and has fewer features compared to 'ip-address', which offers more comprehensive IPv6 support and address parsing capabilities.
The 'cidr-js' package is focused on CIDR (Classless Inter-Domain Routing) block calculations, such as checking if an IP address is within a CIDR block. While it overlaps with some functionalities of 'ip-address', it doesn't provide as extensive support for individual IP address manipulations or validations.
FAQs
A library for parsing IPv4 and IPv6 IP addresses in node and the browser.
The npm package ip-address receives a total of 38,450,942 weekly downloads. As such, ip-address popularity was classified as popular.
We found that ip-address demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.