
usage in koa js
```
$ npm i lodash nodemailer
```
config.yaml
```yaml
server:
  protocol: http
  hostname: localhost
  port: 5000
email:
  service: gmail
  auth:
    user: 'mailer@email.com'
    pass: yourpassword
```
```js
const Koa = require('koa')
const app = new Koa()
const mailer = require('mailon')
// server and email are the top-level keys of config.yaml above
const { server, email } = require('config')

// pass the email settings and the ./public path to the mailer middleware
app.use(mailer(email, __dirname + '/public'))

/* SERVER */
app.listen(server.port, () => {
  const http = require('url').format(server)
  console.log(`server running at: ${http}`)
})
```
```js
// controller method (belongs inside a class or object literal)
async requestPasswordRecovery(ctx) {
  const code = await ctx.state.$user.newPasswordRecoveryCode()
  if (!code) ctx.cargo.original(ctx.request.body).state('validation')
    .loadmsg('code', 'invalid code').error(422)
  // build and send the recovery email through the mounted mailer
  await ctx.mailer
    .to(ctx.state.$user.email)
    .subject('Password Recovery Code')
    .body(ctx.template.render('email-verification.html', code))
    .send()
  ctx.body = ctx.cargo.msg(`password recovery email sent to ${ctx.state.$user.email}`)
}
```
Mailon is a templating engine for template emails.
Create a template folder anywhere in your project folder. All template files should end in .html and follow the naming convention filename.langcode.html. The langcode is used to retrieve the correct translation of the email if your app supports it.
Example Filenames
```js
const exampleFileNameEnglish = 'welcome.en.html'
const exampleFileNameChinese = 'welcome.zh.html'
```
Example Welcome Email in English: welcome.en.html
```html
<h1>Welcome to company.name</h1>
<p>you have created a new account, below are your account credentials:</p>
<ul>
  <li>username: ${user.username}</li>
  <li>password: ${user.password}</li>
</ul>
For more information please click <a href="${link}">here</a>
```
Example Welcome Email in Chinese: welcome.zh.html
```html
<h1>账户主次成功</h1>
<p>下边是您账户信息:</p>
<ul>
  <li>用户名: ${user.username}</li>
  <li>密码: ${user.password}</li>
</ul>
更多信息, 请按<a href="${link}">here</a>
```
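```js
const { mailon } = require('./mailmap')
const instance = mailon('path-where-you-store-your-templates')
// values for the ${...} placeholders in the template
const data = { user: { username: 'some-username', password: 'some-password' }, link: 'some-link' }
instance.langTo('zh') // select the zh translation
instance.get('welcome', data) // renders welcome.zh.html
```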
Output
```html
<h1>账户主次成功</h1>
<p>下边是您账户信息:</p>
<ul>
  <li>用户名: some-username</li>
  <li>密码: some-password</li>
</ul>
更多信息, 请按<a href="some-link">here</a>
```
Note: if you wish to set the language, you will have to set a lang property on your request object before instantiating notis.
```js
const mailon = require('./mailmap')('path-where-you-store-your-templates')
// mount to express app
app.use(mailon())
// accessing in express route
const SomeExpressRoute = async (req, res, next) => {
  const data = {
    user: { /* ... */ },
    invoice: { /* ... */ }
  }
  const email = req.mailon.get('some-email-template', data)
  next()
}
```
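As an added example (not mailon's own code, whose internals this page does not show), here is one way to resolve `filename.langcode.html` templates and fill `${...}` placeholders when the language code and the data originate from a request: the language code is validated before it becomes part of a filename, and every substituted value is HTML-escaped. The names `TEMPLATES`, `resolveTemplate`, `render`, `lookup` and the two-letter language rule are assumptions of this example, and the templates are constructed inline.

```javascript
// Added example, not mailon's source. Templates are constructed inline and
// keyed by the filename.langcode.html convention described above.
const TEMPLATES = new Map([
  ['welcome.en.html', '<li>username: ${user.username}</li> <a href="${link}">here</a>'],
  ['welcome.zh.html', '<li>用户名: ${user.username}</li> <a href="${link}">here</a>'],
])

const LANG_RE = /^[a-z]{2}$/    // assumption: two-letter codes such as en, zh
const NAME_RE = /^[a-z0-9-]+$/i // no dots or slashes in the template name

const escapeHtml = (value) => String(value).replace(/[&<>"']/g, (c) => (
  { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
))

// Walk "user.username" through own properties only, so a placeholder such as
// "constructor" or "__proto__" never reaches inherited members.
function lookup(data, dotted) {
  let cur = data
  for (const key of dotted.split('.')) {
    const isObject = cur !== null && typeof cur === 'object'
    if (!isObject || !Object.prototype.hasOwnProperty.call(cur, key)) return undefined
    cur = cur[key]
  }
  return cur
}

function resolveTemplate(name, lang, fallback = 'en') {
  if (!NAME_RE.test(name)) throw new Error('invalid template name')
  // lang usually comes from the request; anything unexpected falls back,
  // so it can never add path segments to the filename.
  const safeLang = LANG_RE.test(String(lang)) ? String(lang) : fallback
  const file = `${name}.${safeLang}.html`
  return TEMPLATES.has(file) ? file : `${name}.${fallback}.html`
}

function render(name, lang, data) {
  const file = resolveTemplate(name, lang)
  const source = TEMPLATES.get(file)
  if (source === undefined) throw new Error(`template not found: ${file}`)
  return source.replace(/\$\{([\w.]+)\}/g, (_, expr) => {
    const value = lookup(data, expr)
    if (value === undefined) throw new Error(`missing template value: ${expr}`)
    return escapeHtml(value) // values are data, never markup
  })
}
```

Escaping keeps a value from breaking out of the `href` attribute; it does not vet the URL scheme, so links built from user input still need an allow-list check.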
FAQs
The npm package mailon receives a total of 0 weekly downloads. As such, mailon popularity was classified as not popular.
We found that mailon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.