
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
一个轻量级的 Web 端 MySQL 管理工具,风格类似 Navicat。开箱即用,本地启动,适合日常查库、改表、导入导出和临时数据处理。

append / replace / upsertnpx navidog
运行后终端会显示:
🐕 NaviDog starting on http://127.0.0.1:3001
NaviDog listening on http://127.0.0.1:3001
Ctrl + C 停止服务自定义端口:PORT=8080 npx navidog
npm install -g navidog
navidog
以后随时在终端输入 navidog 即可启动,Ctrl + C 停止。
git clone https://github.com/fhyfhy17/navidog.git
cd navidog
npm install
npm run build
npm start
启动后打开 http://127.0.0.1:3001 即可使用。
npm install
npm run dev
开发模式下:
5173(若被占用会顺延到下一个可用端口)3002这样可以避免和 npx navidog / npm start 默认占用的 3001 冲突。
PORT=8080 npm start
# 或
PORT=8080 navidog
http://127.0.0.1:3001.ncx 文件127.0.0.1,仅本机可访问MIT
FAQs
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.