Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The 'nan' package stands for 'Native Abstractions for Node.js'. It is a header file that wraps Node.js and V8 APIs, providing a set of utilities for native module developers to create and maintain native addons across Node.js versions.
Simple Asynchronous Operations
This feature allows developers to perform asynchronous operations in their native addons. The code sample demonstrates how to create an asynchronous worker using 'NanAsyncWorker' and queue it with 'NanAsyncQueueWorker'.
const { NanAsyncWorker, NanAsyncQueueWorker } = require('nan');
class MyWorker extends NanAsyncWorker {
constructor(callback) {
super(callback);
}
Execute() {
// perform heavy task
}
HandleOKCallback() {
this->callback().Call(0, nullptr);
}
}
NanAsyncQueueWorker(new MyWorker(new NanCallback(callback)));
Persistent References
This feature provides a way to create persistent references to V8 objects that won't be garbage collected until explicitly cleared. The code sample shows how to create, reset, check, and clear a persistent reference.
const { NanPersistent } = require('nan');
let persistent = new NanPersistent<v8::Object>();
persistent.Reset(obj); // obj is a V8 object
persistent.IsEmpty(); // checks if the persistent handle is empty
persistent.Clear(); // clears the persistent handle
Callbacks
This feature allows native module developers to store and invoke callbacks. The code sample illustrates how to create a 'NanCallback' from a V8 function and invoke it with no arguments.
const { NanCallback } = require('nan');
let callback = new NanCallback(info[0].As<v8::Function>());
callback.Call(0, nullptr);
node-addon-api is an alternative to 'nan' that provides a C++ wrapper classes which simplify the use of the Node.js Addon API. It aims to provide a more stable API across Node.js versions and is recommended by the Node.js team as the primary interface for writing native addons.
ffi-napi is a Node.js addon for loading and calling dynamic libraries using pure JavaScript. It is similar to 'nan' in that it allows interaction with native code, but it focuses on foreign function interfaces rather than providing abstractions for writing native modules.
ref-napi is a package that provides a way to create, access, and manipulate binary data in Buffer instances in Node.js. It is similar to 'nan' in that it deals with native memory management, but it is more focused on buffer manipulation rather than abstracting Node.js and V8 APIs.
A header file filled with macro and utility goodness for making add-on development for Node.js easier across versions 0.8, 0.10 and 0.11, and eventually 0.12.
Current version: 0.6.0 (See nan.h for complete ChangeLog)
Thanks to the crazy changes in V8 (and some in Node core), keeping native addons compiling happily across versions, particularly 0.10 to 0.11/0.12, is a minor nightmare. The goal of this project is to store all logic necessary to develop native Node.js addons without having to inspect NODE_MODULE_VERSION
and get yourself into a macro-tangle.
This project also contains some helper utilities that make addon development a bit more pleasant.
The version of V8 that's shipping with Node 0.11.9+ has changed the signature for new Local
s to: v8::Local<T>::New(isolate, value)
, i.e. introducing the isolate
argument and therefore breaking all new Local
declarations for previous versions. NAN 0.6+ now includes a NanNewLocal<T>(value)
that can be used in place to work around this incompatibility and maintain compatibility with 0.8->0.11.9+ (minus a few early 0.11 releases).
For example, if you wanted to return a null
on a callback you will have to change the argument from v8::Local<v8::Value>::New(v8::Null())
to NanNewLocal<v8::Value>(v8::Null())
.
"include_dirs"
for NANInclusion of NAN in a project's binding.gyp is now greatly simplified. You can now just use "<!(node -e \"require('nan')\")"
in your "include_dirs"
, see example below.
Simply add NAN as a dependency in the package.json of your Node addon:
$ npm install --save nan
Pull in the path to NAN in your binding.gyp so that you can use #include "nan.h"
in your .cpp files:
"include_dirs" : [
"<!(node -e \"require('nan')\")"
]
This works like a -I<path-to-NAN>
when compiling your addon.
See LevelDOWN for a full example of NAN in use.
For a simpler example, see the async pi estimation example in the examples directory for full code and an explanation of what this Monte Carlo Pi estimation example does. Below are just some parts of the full example that illustrate the use of NAN.
Compare to the current 0.10 version of this example, found in the node-addon-examples repository and also a 0.11 version of the same found here.
Note that there is no embedded version sniffing going on here and also the async work is made much simpler, see below for details on the NanAsyncWorker
class.
// addon.cc
#include <node.h>
#include "nan.h"
// ...
using namespace v8;
void InitAll(Handle<Object> exports) {
exports->Set(NanSymbol("calculateSync"),
FunctionTemplate::New(CalculateSync)->GetFunction());
exports->Set(NanSymbol("calculateAsync"),
FunctionTemplate::New(CalculateAsync)->GetFunction());
}
NODE_MODULE(addon, InitAll)
// sync.h
#include <node.h>
#include "nan.h"
NAN_METHOD(CalculateSync);
// sync.cc
#include <node.h>
#include "nan.h"
#include "sync.h"
// ...
using namespace v8;
// Simple synchronous access to the `Estimate()` function
NAN_METHOD(CalculateSync) {
NanScope();
// expect a number as the first argument
int points = args[0]->Uint32Value();
double est = Estimate(points);
NanReturnValue(Number::New(est));
}
// async.cc
#include <node.h>
#include "nan.h"
#include "async.h"
// ...
using namespace v8;
class PiWorker : public NanAsyncWorker {
public:
PiWorker(NanCallback *callback, int points)
: NanAsyncWorker(callback), points(points) {}
~PiWorker() {}
// Executed inside the worker-thread.
// It is not safe to access V8, or V8 data structures
// here, so everything we need for input and output
// should go on `this`.
void Execute () {
estimate = Estimate(points);
}
// Executed when the async work is complete
// this function will be run inside the main event loop
// so it is safe to use V8 again
void HandleOKCallback () {
NanScope();
Local<Value> argv[] = {
Local<Value>::New(Null())
, Number::New(estimate)
};
callback->Call(2, argv);
};
private:
int points;
double estimate;
};
// Asynchronous access to the `Estimate()` function
NAN_METHOD(CalculateAsync) {
NanScope();
int points = args[0]->Uint32Value();
NanCallback *callback = new NanCallback(args[1].As<Function>());
NanAsyncQueueWorker(new PiWorker(callback, points));
NanReturnUndefined();
}
NAN_METHOD
NAN_GETTER
NAN_SETTER
NAN_PROPERTY_GETTER
NAN_PROPERTY_SETTER
NAN_PROPERTY_ENUMERATOR
NAN_PROPERTY_DELETER
NAN_PROPERTY_QUERY
NAN_INDEX_GETTER
NAN_INDEX_SETTER
NAN_INDEX_ENUMERATOR
NAN_INDEX_DELETER
NAN_INDEX_QUERY
NAN_WEAK_CALLBACK
NAN_DEPRECATED
NAN_INLINE
NanNewLocal
NanReturnValue
NanReturnUndefined
NanReturnNull
NanReturnEmptyString
NanScope
NanLocker
NanUnlocker
NanGetInternalFieldPointer
NanSetInternalFieldPointer
NanObjectWrapHandle
NanMakeWeak
NanSymbol
NanGetPointerSafe
NanSetPointerSafe
NanFromV8String
NanBooleanOptionValue
NanUInt32OptionValue
NanError
, NanTypeError
, NanRangeError
NanThrowError
, NanThrowTypeError
, NanThrowRangeError
, NanThrowError(Handle)
, NanThrowError(Handle, int)
NanNewBufferHandle(char *, size_t, FreeCallback, void *)
, NanNewBufferHandle(char *, uint32_t)
, NanNewBufferHandle(uint32_t)
NanBufferUse(char *, uint32_t)
NanNewContextHandle
NanHasInstance
NanPersistentToLocal
NanDispose
NanAssignPersistent
NanInitPersistent
NanCallback
NanAsyncWorker
NanAsyncQueueWorker
Use NAN_METHOD
to define your V8 accessible methods:
// .h:
class Foo : public node::ObjectWrap {
...
static NAN_METHOD(Bar);
static NAN_METHOD(Baz);
}
// .cc:
NAN_METHOD(Foo::Bar) {
...
}
NAN_METHOD(Foo::Baz) {
...
}
The reason for this macro is because of the method signature change in 0.11:
// 0.10 and below:
Handle<Value> name(const Arguments& args)
// 0.11 and above
void name(const FunctionCallbackInfo<Value>& args)
The introduction of FunctionCallbackInfo
brings additional complications:
Use NAN_GETTER
to declare your V8 accessible getters. You get a Local<String>
property
and an appropriately typed args
object that can act like the args
argument to a NAN_METHOD
call.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_GETTER
.
Use NAN_SETTER
to declare your V8 accessible setters. Same as NAN_GETTER
but you also get a Local<Value>
value
object to work with.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_SETTER
.
Use NAN_PROPERTY_GETTER
to declare your V8 accessible property getters. You get a Local<String>
property
and an appropriately typed args
object that can act similar to the args
argument to a NAN_METHOD
call.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_PROPERTY_GETTER
.
Use NAN_PROPERTY_SETTER
to declare your V8 accessible property setters. Same as NAN_PROPERTY_GETTER
but you also get a Local<Value>
value
object to work with.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_PROPERTY_SETTER
.
Use NAN_PROPERTY_ENUMERATOR
to declare your V8 accessible property enumerators. You get an appropriately typed args
object like the args
argument to a NAN_PROPERTY_GETTER
call.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_PROPERTY_ENUMERATOR
.
Use NAN_PROPERTY_DELETER
to declare your V8 accessible property deleters. Same as NAN_PROPERTY_GETTER
.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_PROPERTY_DELETER
.
Use NAN_PROPERTY_QUERY
to declare your V8 accessible property queries. Same as NAN_PROPERTY_GETTER
.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_PROPERTY_QUERY
.
Use NAN_INDEX_GETTER
to declare your V8 accessible index getters. You get a uint32_t
index
and an appropriately typed args
object that can act similar to the args
argument to a NAN_METHOD
call.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_INDEX_GETTER
.
Use NAN_INDEX_SETTER
to declare your V8 accessible index setters. Same as NAN_INDEX_GETTER
but you also get a Local<Value>
value
object to work with.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_INDEX_SETTER
.
Use NAN_INDEX_ENUMERATOR
to declare your V8 accessible index enumerators. You get an appropriately typed args
object like the args
argument to a NAN_INDEX_GETTER
call.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_INDEX_ENUMERATOR
.
Use NAN_INDEX_DELETER
to declare your V8 accessible index deleters. Same as NAN_INDEX_GETTER
.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_INDEX_DELETER
.
Use NAN_INDEX_QUERY
to declare your V8 accessible index queries. Same as NAN_INDEX_GETTER
.
You can use NanReturnNull()
, NanReturnEmptyString()
, NanReturnUndefined()
and NanReturnValue()
in a NAN_INDEX_QUERY
.
Use NAN_WEAK_CALLBACK
to declare your V8 WeakReference callbacks. There is an object argument accessible through NAN_WEAK_CALLBACK_OBJECT
. The type
argument gives the type of the data
argument, accessible through NAN_WEAK_CALLBACK_DATA(type)
.
static NAN_WEAK_CALLBACK(BufferReference*, WeakCheck) {
if (NAN_WEAK_CALLBACK_DATA(BufferReference*)->noLongerNeeded_) {
delete NAN_WEAK_CALLBACK_DATA(BufferReference*);
} else {
// Still in use, revive, prevent GC
NanMakeWeak(NAN_WEAK_CALLBACK_OBJECT, NAN_WEAK_CALLBACK_DATA(BufferReference*), &WeakCheck);
}
}
Declares a function as deprecated. Identical to V8_DEPRECATED
.
static NAN_DEPRECATED(NAN_METHOD(foo)) {
...
}
Inlines a function. Identical to V8_INLINE
.
static NAN_INLINE(int foo(int bar)) {
...
}
Use NanNewLocal
in place of v8::Local<T>::New(...)
as this function
requires an isolate
argument in recent versions of V8 but not in older versions.
NanNewLocal<v8::Value>(v8::Null())
Use NanReturnValue
when you want to return a value from your V8 accessible method:
NAN_METHOD(Foo::Bar) {
...
NanReturnValue(String::New("FooBar!"));
}
No return
statement required.
Use NanReturnUndefined
when you don't want to return anything from your V8 accessible method:
NAN_METHOD(Foo::Baz) {
...
NanReturnUndefined();
}
Use NanReturnNull
when you want to return Null
from your V8 accessible method:
NAN_METHOD(Foo::Baz) {
...
NanReturnNull();
}
Use NanReturnEmptyString
when you want to return an empty String
from your V8 accessible method:
NAN_METHOD(Foo::Baz) {
...
NanReturnEmptyString();
}
The introduction of isolate
references for many V8 calls in Node 0.11 makes NanScope()
necessary, use it in place of HandleScope scope
:
NAN_METHOD(Foo::Bar) {
NanScope();
NanReturnValue(String::New("FooBar!"));
}
The introduction of isolate
references for many V8 calls in Node 0.11 makes NanLocker()
necessary, use it in place of Locker locker
:
NAN_METHOD(Foo::Bar) {
NanLocker();
...
NanUnlocker();
}
The introduction of isolate
references for many V8 calls in Node 0.11 makes NanUnlocker()
necessary, use it in place of Unlocker unlocker
:
NAN_METHOD(Foo::Bar) {
NanLocker();
...
NanUnlocker();
}
Gets a pointer to the internal field with at index
from a V8 Object
handle.
Local<Object> obj;
...
NanGetInternalFieldPointer(obj, 0);
Sets the value of the internal field at index
on a V8 Object
handle.
static Persistent<Function> dataWrapperCtor;
...
Local<Object> wrapper = NanPersistentToLocal(dataWrapperCtor)->NewInstance();
NanSetInternalFieldPointer(wrapper, 0, this);
When you want to fetch the V8 object handle from a native object you've wrapped with Node's ObjectWrap
, you should use NanObjectWrapHandle
:
NanObjectWrapHandle(iterator)->Get(String::NewSymbol("end"))
Make a persistent reference weak.
This isn't strictly about compatibility, it's just an easier way to create string symbol objects (i.e. String::NewSymbol(x)
), for getting and setting object properties, or names of objects.
bool foo = false;
if (obj->Has(NanSymbol("foo")))
foo = optionsObj->Get(NanSymbol("foo"))->BooleanValue()
A helper for getting values from optional pointers. If the pointer is NULL
, the function returns the optional default value, which defaults to 0
. Otherwise, the function returns the value the pointer points to.
char *plugh(uint32_t *optional) {
char res[] = "xyzzy";
uint32_t param = NanGetPointerSafe<uint32_t>(optional, 0x1337);
switch (param) {
...
}
NanSetPointerSafe<uint32_t>(optional, 0xDEADBEEF);
}
A helper for setting optional argument pointers. If the pointer is NULL
, the function simply return false
. Otherwise, the value is assigned to the variable the pointer points to.
const char *plugh(size_t *outputsize) {
char res[] = "xyzzy";
if !(NanSetPointerSafe<size_t>(outputsize, strlen(res) + 1)) {
...
}
...
}
When you want to convert a V8 String
to a char*
use NanFromV8String
. It is possible to define an encoding that defaults to Nan::UTF8
as well as a pointer to a variable that will be assigned the number of bytes in the returned string. It is also possible to supply a buffer and its length to the function in order not to have a new buffer allocated. The final argument allows optionally setting String::WriteOptions
, which default to String::HINT_MANY_WRITES_EXPECTED | String::NO_NULL_TERMINATION
.
Just remember that you'll end up with an object that you'll need to delete[]
at some point unless you supply your own buffer:
size_t count;
char* name = NanFromV8String(args[0]);
char* decoded = NanFromV8String(args[1], Nan::BASE64, &count, NULL, 0, String::HINT_MANY_WRITES_EXPECTED);
char param_copy[count];
memcpy(param_copy, decoded, count);
delete[] decoded;
When you have an "options" object that you need to fetch properties from, boolean options can be fetched with this pair. They check first if the object exists (IsEmpty
), then if the object has the given property (Has
) then they get and convert/coerce the property to a bool
.
The optional last parameter is the default value, which is false
if left off:
// `foo` is false unless the user supplies a truthy value for it
bool foo = NanBooleanOptionValue(optionsObj, NanSymbol("foo"));
// `bar` is true unless the user supplies a falsy value for it
bool bar = NanBooleanOptionValueDefTrue(optionsObj, NanSymbol("bar"), true);
Similar to NanBooleanOptionValue
, use NanUInt32OptionValue
to fetch an integer option from your options object. Can be any kind of JavaScript Number
and it will be coerced to an unsigned 32-bit integer.
Requires all 3 arguments as a default is not optional:
uint32_t count = NanUInt32OptionValue(optionsObj, NanSymbol("count"), 1024);
For making Error
, TypeError
and RangeError
objects.
Local<Value> res = NanError("you must supply a callback argument");
For throwing Error
, TypeError
and RangeError
objects. You should return
this call:
return NanThrowError("you must supply a callback argument");
Can also handle any custom object you may want to throw. If used with the error code argument, it will add the supplied error code to the error object as a property called code
.
The Buffer
API has changed a little in Node 0.11, this helper provides consistent access to Buffer
creation:
NanNewBufferHandle((char*)value.data(), value.size());
Can also be used to initialize a Buffer
with just a size
argument.
Can also be supplied with a NAN_WEAK_CALLBACK
and a hint for the garbage collector, when dealing with weak references.
Buffer::New(char*, uint32_t)
prior to 0.11 would make a copy of the data.
While it was possible to get around this, it required a shim by passing a
callback. So the new API Buffer::Use(char*, uint32_t)
was introduced to remove
needing to use this shim.
NanBufferUse
uses the char*
passed as the backing data, and will free the
memory automatically when the weak callback is called. Keep this in mind, as
careless use can lead to "double free or corruption" and other cryptic failures.
Can be used to check the type of an object to determine it is of a particular class you have already defined and have a Persistent<FunctionTemplate>
handle for.
Aside from FunctionCallbackInfo
, the biggest and most painful change to V8 in Node 0.11 is the many restrictions now placed on Persistent
handles. They are difficult to assign and difficult to fetch the original value out of.
Use NanPersistentToLocal
to convert a Persistent
handle back to a Local
handle.
Local<Object> handle = NanPersistentToLocal(persistentHandle);
### Local<Context> NanNewContextHandle([ExtensionConfiguration*, Handle<ObjectTemplate>, Handle<Value>])
Creates a new `Local` handle.
Local<FunctionTemplate> ftmpl = FunctionTemplate::New();
Local<ObjectTemplate> otmpl = ftmpl->InstanceTemplate();
Local<Context> ctx = NanNewContextHandle(NULL, otmpl);
Use NanDispose
to dispose a Persistent
handle.
NanDispose(persistentHandle);
Use NanAssignPersistent
to assign a non-Persistent
handle to a Persistent
one. You can no longer just declare a Persistent
handle and assign directly to it later, you have to Reset
it in Node 0.11, so this makes it easier.
In general it is now better to place anything you want to protect from V8's garbage collector as properties of a generic Object
and then assign that to a Persistent
. This works in older versions of Node also if you use NanAssignPersistent
:
Persistent<Object> persistentHandle;
...
Local<Object> obj = Object::New();
obj->Set(NanSymbol("key"), keyHandle); // where keyHandle might be a Local<String>
NanAssignPersistent(Object, persistentHandle, obj)
User NanInitPersistent
to declare and initialize a new Persistent
with the supplied object. The assignment operator for Persistent
is no longer public in Node 0.11, so this macro makes it easier to declare and initializing a new Persistent
. See NanAssignPersistent
for more information.
Local<Object> obj = Object::New();
obj->Set(NanSymbol("key"), keyHandle); // where keyHandle might be a Local<String>
NanInitPersistent(Object, persistentHandle, obj);
Because of the difficulties imposed by the changes to Persistent
handles in V8 in Node 0.11, creating Persistent
versions of your Local<Function>
handles is annoyingly tricky. NanCallback
makes it easier by taking your Local
handle, making it persistent until the NanCallback
is deleted and even providing a handy Call()
method to fetch and execute the callback Function
.
Local<Function> callbackHandle = args[0].As<Function>();
NanCallback *callback = new NanCallback(callbackHandle);
// pass `callback` around and it's safe from GC until you:
delete callback;
You can execute the callback like so:
// no arguments:
callback->Call(0, NULL);
// an error argument:
Local<Value> argv[] = {
Exception::Error(String::New("fail!"))
};
callback->Call(1, argv);
// a success argument:
Local<Value> argv[] = {
Local<Value>::New(Null()),
String::New("w00t!")
};
callback->Call(2, argv);
NanCallback
also has a Local<Function> GetCallback()
method that you can use to fetch a local handle to the underlying callback function if you need it.
NanAsyncWorker
is an abstract class that you can subclass to have much of the annoying async queuing and handling taken care of for you. It can even store arbitrary V8 objects for you and have them persist while the async work is in progress.
See a rough outline of the implementation:
class NanAsyncWorker {
public:
NanAsyncWorker (NanCallback *callback);
// Clean up persistent handles and delete the *callback
virtual ~NanAsyncWorker ();
// Check the `char *errmsg` property and call HandleOKCallback()
// or HandleErrorCallback depending on whether it has been set or not
virtual void WorkComplete ();
// You must implement this to do some async work. If there is an
// error then allocate `errmsg` to to a message and the callback will
// be passed that string in an Error object
virtual void Execute ();
// Save a V8 object in a Persistent handle to protect it from GC
void SavePersistent(const char *key, Local<Object> &obj);
// Fetch a stored V8 object (don't call from within `Execute()`)
Local<Object> GetFromPersistent(const char *key);
protected:
// Set this if there is an error, otherwise it's NULL
const char *errmsg;
// Default implementation calls the callback function with no arguments.
// Override this to return meaningful data
virtual void HandleOKCallback ();
// Default implementation calls the callback function with an Error object
// wrapping the `errmsg` string
virtual void HandleErrorCallback ();
};
NanAsyncQueueWorker
will run a NanAsyncWorker
asynchronously via libuv. Both the execute and after_work steps are taken care of for you—most of the logic for this is embedded in NanAsyncWorker
.
NAN is only possible due to the excellent work of the following contributors:
Rod Vagg | GitHub/rvagg | Twitter/@rvagg |
---|---|---|
Benjamin Byholm | GitHub/kkoopa | |
Trevor Norris | GitHub/trevnorris | Twitter/@trevnorris |
Nathan Rajlich | GitHub/TooTallNate | Twitter/@TooTallNate |
Copyright (c) 2013 NAN contributors (listed above).
Native Abstractions for Node.js is licensed under an MIT +no-false-attribs license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE file for more details.
0.6.0 Nov 21 2013
FAQs
Native Abstractions for Node.js: C++ header for Node 0.8 -> 23 compatibility
The npm package nan receives a total of 12,045,582 weekly downloads. As such, nan popularity was classified as popular.
We found that nan demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.