Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
messages-modules
Advanced tools
Messages (localized strings) that are scoped locally.
Add the package as a dependency:
npm install messages-modules
⚠️ Note that while this package offers simplistic plugin implementations of
messages-modules
, we do not recommend using them as-is.
We have 2 audiences in mind: internationalization (i18n) packages or advanced users who built their own i18n library in their projects.
Building an i18n library is not a simple task, as a lot of linguistics aspects (e.g., multi-plurals, inline markup) are easy to get wrong. messages-module
has been built with customization in mind, as you can:
If you are interested to see a mature i18n library using messages-modules
, check out next-multilingual
.
In a nutshell, messages-module
relies on compiler plugins to inject messages automatically to avoid writing a lot of boilerplate code like this:
import enUs from './my-file.en-US.json';
import frCa from './my-file.fr-CA.json';
// .. imagine 20 other languages (imports) here depending on your project...
import { Messages } from './messages';
const messages = new Messages([enUs, frCa /** the list goes on... */]);
console.log(messages.format('en-US', 'greeting'));
Now imagine a React application where you have to add this boilerplate code in all your files using messages... And imagine add/removing languages. This is just a disaster waiting to happen.
What we are proposing instead is this simplified syntax, by injecting messages automatically in the functions you want:
import { getMessages } from './messages';
const messages = getMessages();
console.log(messages.format('en-US', 'greeting'));
To keep this simple, the message-modules
plugins only support named imports which means that namespace imports, dynamic imports and require imports are out of scope:
👍 named imports
import { getMessages } from 'messages-modules';
👎 namespace imports
import * as messagesModules from 'messages-modules';
👎 dynamic imports
const { getMessages } = await import('messages-modules');
👎 require imports
const messagesModules = require('messages-modules');
Most Node.js internationalization (i18n) libraries today either come with monolithic files to store all localized messages, or they include the concept of "namespaces" to break down messages in smaller files.
But think about it, do we put all CSS in a single file? Or all HTML markup in a single file? Why would it be any different for localized messages.
Ultimately messages are content that can be use in a given context and making it modular optimizes both its management (see proximity principle) while making client bundles size smaller (faster apps!)
FAQs
Messages (localized strings) that are scoped locally.
We found that messages-modules demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.