Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Mouselog.js is the client-side agent for Microsoft's Mouselog, a user behavior monitoring platform for websites.
Embed Mouselog in your HTML files:
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/mouselog@0.0.7-beta1/mouselog.js"></script>
<script>
mouselog.run("Your_Server_Url", "Your_Website_Id");
</script>
You can also refer mouselog dynamically in Javascript:
(function() {
var script = document.createElement("script");
script.src = "https://cdn.jsdelivr.net/npm/mouselog@0.0.7-beta1/mouselog.js";
script.onload = () => {
mouselog.run("Your_Server_Url", "Your_Website_Id");
}
var t = document.getElementsByTagName("script");
var s = t.length > 0 ? t[0].parentNode : document.body;
s.appendChild(script, s);
})();
Install Mouselog.js via
npm i mouselog --save
Then load and configure mouselog
const mouselog = require('mouselog');
let config = {
// Set upload mode: "periodic" or "event-triggered"
uploadMode: "periodic",
// If `uploadMode` == "periodic", data will be uploaded every `uploadPeriod` ms.
// If no data are collected in a period, no data will be uploaded
uploadPeriod: 5000,
// If `uploadMode` == "event-triggered"
// The website interaction data will be uploaded when every `frequency` events are captured.
frequency: 50,
// The website interaction data will be encoded by `encoder` before uploading to the server.
encoder: JSON.stringify,
// The response data will be decoded by `decoder`
decoder: x => x,
// Use GET method to upload data? (stringified data will be embedded in URI)
enableGET: false,
// Time interval for resending the failed trace data
resendInterval: 3000
};
Run Mouselog and it will automatically collect all you want.
mouselog.run("YOUR_SERVER_URL", "YOUR_WEBSITE_ID", config);
You can also deactivate Mouselog by calling mouselog.stop()
.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
The mouse tracking agent for Mouselog.
The npm package mouselog receives a total of 19 weekly downloads. As such, mouselog popularity was classified as not popular.
We found that mouselog demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.