Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Package for running a Lua VM in a Web Worker.
If you prebuilt the worker.js
file, you can specify its location when
calling the luaworker
module function:
var lua = require('luaworker')('worker.js');
lua.execute('name = "Lua"');
lua.execute('print("Hello from " .. name .. "!")', function (err, buffer) {
console.log(buffer);
});
To be able to run this in a browser, you need to use a framework that supports CommonJS modules (for example: Browserify).
To get the necessary files from this package, install it with NPM:
npm install --save luaworker
As stated above, you need to first package this code so that it can run in a browser. You can do this with, for example, Browserify.
Here's how you'd create the JavaScript files to run in your browser, assuming you are using the code in the Example section above:
# Bundle the Worker code into its own file:
browserify node_modules/luaworker/worker.js -o worker.js
# Put the code from the Example section into main.js, then run this:
browserify main.js -o app.js
If you run this, you should see the output "Hello from Lua!" in your console.
Note that this hasn't been optimized yet, so if you don't minimize your
code (by using UglifyJS, for example), you may end up with a huge
worker.js
file.
To build the required JavaScript, you need to have Emscripten in
your PATH. To build, simply run ./build
.
The work in emlua.patch
is borrowed from kripken's lua.vm.js.
Note: This does not include the Lua → JS bridge, since allowing access to JavaScript from Lua might not always be desirable.
FAQs
Package for running a Lua VM in a Web Worker.
The npm package luaworker receives a total of 0 weekly downloads. As such, luaworker popularity was classified as not popular.
We found that luaworker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.