
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
String templating system inspired by doT. It parses template string into javascript function, which in turn can be called with data to return parsed string.
It returns verbatim string (no escaping, etc) makin it useful for generation of configuration files.
It should be augumented with HTML escaper when using on web. Escaping is not implemented by design.
var output = ktl(template)(data);
All values support complete JavaScript notation. You can freely use operators, methods, global scope objects (ie. Math), etc.
| Tag | Meaning |
|---|---|
{{ prop }} | Selected property of object passed to parser |
{{ prop.sub }} | Subproperties can be accessed with dot notation |
{{ method() }} | Methods can be called |
{{ value.toFixed(2) }} | Methods of properties can allso be called |
{{ prop ? prop : '-' }} | All operators are available (in this case: default to '-') |
{{ _ }} | Verbatim object passed to parser, cast to string. Usefull in iterations. |
{{ _.toFixed(4) }} | Methods can also be called on verbatim objects |
Iteration starts with {{# <array> }} and ends with {{#}}. Iterations can be nested. String
between {{# <array> }} and {{#}} is treated as new template. Verbatim evaluation ({{ _ }}) is
usefull for arrays of primitives. $ is available as index inside iteration.
| Tag | Meaning |
|---|---|
{{# array }} | Iterate over array passed as {array:[]} to parser |
{{# _ }} | Verbatim iteration (when passing [] to parser) |
Template:
Hi {{ name }}! You have {{ messages.length || 'no' }} new messages.
{{# messages }}
{{ title.toUppercase() }}: from {{ from }}
{{#}}
Data:
{
"name":"koder",
"messages": [
{ "title": "message 1", "from": "koder" },
{ "title": "message 2", "from": "dekoder" }
]
}
Output
Hi koder! You have 2 new messages.
MESSAGE 1: from koder
MESSAGE 2: from dekoder
Most templating languages are web-centric. I required a templating language which works on strings without assuming what those strings will be used for.
FAQs
Koder's Template Language
The npm package ktl receives a total of 5 weekly downloads. As such, ktl popularity was classified as not popular.
We found that ktl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.