Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
This project is meant to be a simple to use Javascript library that we include on all Keen IO web projects to track pageviews with a consistent approach and data model. It's meant to be dropped into Keen-Statics, Keen-Web and all other upcoming web projects to track pageviews without requiring any advanced configuration. Core things to know about this library:
pageviews
events automatically on any page it's loaded on.firstInternalReferrer
, firstExternalReferrer
, and other referrer properties in a cookie to be sent along with each pageview
event.keen-tracking.js
library to handle tracking pageviews, setting up cookies, etc.Include the script from the CDN:
<!-- Metakeen.js -->
<script src="https://d26b395fwzu5fz.cloudfront.net/metakeen-1.2.1.min.js"></script>
<script>
$(document).ready(function(){
window.metakeenClient = new window.Metakeen({
enabled: true,
debug: true,
projectId: PROJECT_ID,
writeKey: PROJECT_WRITE_KEY
});
});
</script>
npm run build
.master
.package.json
.deploy
npm task to get the new version on to our CDN.keen-statics
, keen-web
and any other project that uses this library to the latest version.FAQs
Core pageview tracking shared across all Keen web projects.
We found that metakeen demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.