![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
nodebb-theme-ponpomu
Advanced tools
Readme
基于nodebb-widget-essentials制作,使用前需要卸载nodebb-widget-essentials插件
本主题是 NodeBB 主题的快速开发轮子,您可以通过本项目来快速初始化您的 NodeBB 主题项目。如果您需要基于其他主题的子主题,可以修改 theme.json 中的相关字段。创建本项目是为了促进 NodeBB 追随 ES 的现代化。 您可以通过本项目来使用任何的 ES6+ 语法(如果不考虑引擎支持)。 有关 NodeBB 的 Hooks, 以及其他的开发信息。请访问 NodeBB 社区 或者 Github 中的 Wiki。
请注意: NodeBB v1.13.x 系统函数库,钩子已经基本支持 Promise 回调。 因此,本库不再提供兼容回滚。
.git
文件夹git init
初始化一个属于你的新仓库。yarn
安装依赖(推荐使用 yarn
)yarn link
来软链接主题yarn link nodebb-theme-quickstart
来引入插件./nodebb build && ./nodebb dev
启动 NodeBB 开发环境编写完成后,别忘记为主题添加使用说明和屏幕截图哦! 编辑 theme.json 中,添加以下字段:
"screenshot": "screenshot.png"
修改 package.json
中相关的创作信息:
"author": {
"name": "Your Name",
"email": "Your Email",
"url": "Your website"
},
"repository": {
"type": "git",
"url": "https://github.com/{your-username}/{your-repository}"
},
"bugs": {
"url": "https://github.com/{your-username}/{your-repository}/issues"
}
FAQs
Unknown package
The npm package nodebb-theme-ponpomu receives a total of 0 weekly downloads. As such, nodebb-theme-ponpomu popularity was classified as not popular.
We found that nodebb-theme-ponpomu demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.