![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
nodejs-file-downloader
Advanced tools
Readme
nodejs-file-downloader is a simple utility for downloading files. It hides the complexity of dealing with streams, paths and duplicate file names.
$ npm install nodejs-file-downloader
Download a large file with default configuration
const Downloader = require('nodejs-file-downloader');
(async () => {//Wrapping the code with an async function, just for the sake of example.
const downloader = new Downloader({
url: 'http://212.183.159.230/200MB.zip',//If the file name already exists, a new file with the name 200MB1.zip is created.
directory: "./downloads",//This folder will be created, if it doesn't exist.
})
await downloader.download();//Downloader.download() returns a promise.
console.log('All done');
})();
const Downloader = require('nodejs-file-downloader');
(async () => {
const downloader = new Downloader({
url: 'http://212.183.159.230/200MB.zip',
directory: "./downloads/2020/May",//Sub directories will also be automatically created if they do not exist.
})
downloader.on('progress',(percentage)=>{//Downloader is an event emitter. You can register a "progress" event.
console.log('% ',percentage)
})
await downloader.download();
})();
nodejs-file-downloader "deduces" the file name, from the URL or the response headers. If you want to overwrite it, supply a config.fileName property.
const downloader = new Downloader({
url: 'http://212.183.159.230/200MB.zip',
directory: "./downloads/2020/May",
fileName:'somename.zip'//This will be the file name.
})
By default, nodejs-file-downloader uses config.cloneFiles = true, which means that files with an existing name, will have a number appended to them.
const downloader = new Downloader({
url: 'http://212.183.159.230/200MB.zip',
directory: "./",
cloneFiles:false//This will cause the downloader to re-write an existing file.
})
FAQs
Unknown package
We found that nodejs-file-downloader demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.