json-replace-exponentials
Changelog
0.1.0 (2021-03-31)
Readme
This module provides a function which takes a JSON string and replaces all numbers in exponential notation. By default, numbers in exponential notation are replaced by numbers in fixed-point notation. If an optional replacer function is provided, its return value is used instead.
The primary motivation for this module is to produce JSON for programs which handle exponential notation incorrectly (e.g. Azure/autorest#3006).
Using the CLI:
json-replace-exponentials <input-exponentials.json >output-fixed.json
Using the API:
const { readFile, writeFile } = require('fs').promises;
const jsonReplaceExponentials = require('json-replace-exponentials');

// Read the input JSON as text, replace the exponentials, write the result.
readFile('input-exponentials.json', { encoding: 'utf8' })
  .then((json) => writeFile(
    'output-fixed.json',
    JSON.stringify(jsonReplaceExponentials(json), undefined, 2),
  ));
number type.
By default, RangeError is thrown for numbers where the exponential is larger than 1,000 or smaller than -1,000 to mitigate unexpected result size increases for large fixed-point representations.
Warning: Consider this risk when using a custom replacer.
json-replace-exponentials is undefined.
This package can be installed using npm, either globally or locally, by running:
npm install json-replace-exponentials
As noted above, by default, exponents larger than 1,000 or smaller than -1,000 cause RangeError to be thrown. To replace these with (non-standard) Infinity and Underflow, and others with the default replacement:
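const jsonReplaceExponentials = require('json-replace-exponentials');

// Replace exponentials that have 4 or more exponent digits with a marker;
// pass all others to the default replacement.
function replacer(exponential) {
  const match = /[eE]([+-]?)[0-9]{4,}$/.exec(exponential);
  if (match) {
    return match[1] === '-' ? 'Underflow' : 'Infinity';
  }
  return jsonReplaceExponentials(exponential);
}

const json = '[1.5e3, 1e5000, 1e-5000]'; // constructed sample input
jsonReplaceExponentials(json, replacer);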
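The size risk behind the 1,000 limit, worked through as an added example (not the package's source and not its API): a self-contained converter that expands exponentials outside JSON strings and enforces the same bound before expanding. The names replaceExponentials, toFixedPoint and MAX_EXPONENT are assumptions made for this illustration; a custom replacer that expands numbers itself needs an equivalent check.

```javascript
// Added illustration; NOT the source of json-replace-exponentials.
// MAX_EXPONENT mirrors the 1,000 limit the README describes (assumed name).
const MAX_EXPONENT = 1000;

// Match either a complete JSON string (returned untouched, so text such as
// "2e5" inside a string is never rewritten) or a JSON number.
const TOKEN = /"(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/g;

function toFixedPoint(num, maxExponent = MAX_EXPONENT) {
  const m = /^(-?)(\d+)(?:\.(\d+))?[eE]([+-]?\d+)$/.exec(num);
  if (!m) return num; // no exponent part: leave the number as written
  const [, sign, int, frac = '', expText] = m;
  const exp = Number(expText); // huge digit runs become Infinity and are rejected
  if (Math.abs(exp) > maxExponent) {
    // Output length grows linearly with |exp|, so bound it before expanding.
    throw new RangeError(`exponent ${expText} is outside ±${maxExponent}`);
  }
  const digits = int + frac;
  const point = int.length + exp; // position of the decimal point in `digits`
  let whole;
  let fraction;
  if (point <= 0) {
    whole = '0';
    fraction = '0'.repeat(-point) + digits;
  } else if (point >= digits.length) {
    whole = digits + '0'.repeat(point - digits.length);
    fraction = '';
  } else {
    whole = digits.slice(0, point);
    fraction = digits.slice(point);
  }
  whole = whole.replace(/^0+(?=\d)/, ''); // JSON forbids leading zeros
  fraction = fraction.replace(/0+$/, '');
  return sign + whole + (fraction ? `.${fraction}` : '');
}

function replaceExponentials(json, maxExponent = MAX_EXPONENT) {
  return json.replace(TOKEN, (tok) => (
    tok[0] === '"' ? tok : toFixedPoint(tok, maxExponent)
  ));
}

// Constructed sample input; '[1e1000]' is 8 characters and expands to 1,003.
const sample = '{"a":1.5e3,"b":"2e5","c":-2.5E-3}';
console.log(replaceExponentials(sample));
console.log(replaceExponentials('[1e1000]').length);
```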
To use this module as a library, see the API Documentation.
Contributions are appreciated. Contributors agree to abide by the Contributor Covenant Code of Conduct. If this is your first time contributing to a Free and Open Source Software project, consider reading How to Contribute to Open Source in the Open Source Guides.
If the desired change is large, complex, backwards-incompatible, can have significantly differing implementations, or may not be in scope for this project, opening an issue before writing the code can avoid frustration and save a lot of time and effort.
This project is available under the terms of the MIT License. See the summary at TLDRLegal.
We found that json-replace-exponentials demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.