
Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
oauth4webapi
Advanced tools
Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
This software provides a collection of routines that can be used to build client modules for OAuth 2.1, OAuth 2.0 with the latest Security Best Current Practices (BCP), and FAPI 2.0, as well as OpenID Connect where applicable. The primary goal of this software is to promote secure and up-to-date best practices while using only the capabilities common to both browser and non-browser JavaScript runtimes.
The following features are currently in scope and implemented in this software:
If you want to quickly add authentication to JavaScript apps, feel free to check out Auth0's JavaScript SDK and free plan. Create an Auth0 account; it's free!
Filip Skokan has certified that this software conforms to the Basic, FAPI 1.0, and FAPI 2.0 Relying Party Conformance Profiles of the OpenID Connect™ protocol.
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
oauth4webapi
has no dependencies and it exports tree-shakeable ESM.
oauth4webapi
is distributed via npmjs.com, jsr.io, jsdelivr.com, and github.com.
example
ESM import1
import * as oauth from 'oauth4webapi'
The supported JavaScript runtimes include those that support the utilized Web API globals and standard built-in objects. These are (but are not limited to):
Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ |
---|---|---|---|
v3.x | Security Policy | ✅ | ✅ |
3.5.0 (2025-04-14)
FAQs
Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
The npm package oauth4webapi receives a total of 763,584 weekly downloads. As such, oauth4webapi popularity was classified as popular.
We found that oauth4webapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
Security News
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
Product
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.