![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
parse-path
Advanced tools
Readme
Parse paths (local paths, urls: ssh/git/etc)
# Using npm
npm install --save parse-path
# Using yarn
yarn add parse-path
// Dependencies
const parsePath = require("parse-path")
console.log(parsePath("http://ionicabizau.net/blog"))
// {
// protocols: [ 'http' ],
// protocol: 'http',
// port: '',
// resource: 'ionicabizau.net',
// user: '',
// password: '',
// pathname: '/blog',
// hash: '',
// search: '',
// href: 'http://ionicabizau.net/blog',
// query: {}
// }
console.log(parsePath("http://domain.com/path/name?foo=bar&bar=42#some-hash"))
// {
// protocols: [ 'http' ],
// protocol: 'http',
// port: '',
// resource: 'domain.com',
// user: '',
// password: '',
// pathname: '/path/name',
// hash: 'some-hash',
// search: 'foo=bar&bar=42',
// href: 'http://domain.com/path/name?foo=bar&bar=42#some-hash',
// query: { foo: 'bar', bar: '42' }
// }
console.log(parsePath("git+ssh://git@host.xz/path/name.git"))
// {
// protocols: [ 'git', 'ssh' ],
// protocol: 'git',
// port: '',
// resource: 'host.xz',
// user: 'git',
// password: '',
// pathname: '/path/name.git',
// hash: '',
// search: '',
// href: 'git+ssh://git@host.xz/path/name.git',
// query: {}
// }
There are few ways to get help:
parsePath(url)
Parses the input url.
url
: The input url.protocols
(Array): An array with the url protocols (usually it has one element).protocol
(String): The first protocol or "file"
.port
(String): The domain port (default: ""
).resource
(String): The url domain/hostname.host
(String): The url domain (including subdomain and port).user
(String): The authentication user (default: ""
).password
(String): The authentication password (default: ""
).pathname
(String): The url pathname.hash
(String): The url hash.search
(String): The url querystring value (excluding ?
).href
(String): The normalized input url.query
(Object): The url querystring, parsed as object.Have an idea? Found a bug? See how to contribute.
I open-source almost everything I can, and I try to reply to everyone needing help using these projects. Obviously, this takes time. You can integrate and use these projects in your applications for free! You can even change the source code and redistribute (even resell it).
However, if you get some profit from this or just want to encourage me to continue creating stuff, there are few ways you can do it:
Starring and sharing the projects you like :rocket:
—I love books! I will remember you after years if you buy me one. :grin: :book:
—You can make one-time donations via PayPal. I'll probably buy a
coffee tea. :tea:
—Set up a recurring monthly donation and you will get interesting news about what I'm doing (things that I don't share with everyone).
Bitcoin—You can send me bitcoins at this address (or scanning the code below): 1P9BRsmazNQcuyTxEqveUsnf5CERdq35V6
Thanks! :heart:
If you are using this library in one of your projects, add it in this list. :sparkles:
parse-url
@pvm/gitlab
@enkeledi/react-native-week-month-date-picker
eleventy-plugin-embed-soundcloud
@hemith/react-native-tnk
native-kakao-login
react-native-my-first-try-arun-ramya
react-native-kakao-maps
react-native-is7
react-native-ytximkit
react-native-payu-payment-testing
npm_one_1_2_3
react-fsm-router
react-native-biometric-authenticate
react-native-arunmeena1987
react-native-contact-list
rn-adyen-dropin
tria-prima
sm-versioning
@positionex/position-sdk
@okayhq/backstage-backend-plugin
@corelmax/react-native-my2c2p-sdk
@felipesimmi/react-native-datalogic-module
@hawkingnetwork/react-native-tab-view
drowl-base-theme-iconset
native-apple-login
react-native-cplus
npm_qwerty
react-native-arunjeyam1987
react-native-bubble-chart
react-native-flyy
@alphy11/semantic-release-gitlab
@apardellass/react-native-audio-stream
@fgreinacher/semantic-release-gitlab
@geeky-apo/react-native-advanced-clipboard
@j4s0n/semantic-release-gitlab
react-feedback-sdk
npm_one_12_34_1_
npm_one_2_2
react-native-responsive-size
react-native-sayhello-module
react-native-dsphoto-module
payutesting
@flareapp/ignition-ui
semantic-release-gitee
semantic-release-gitlab-plugin
@con-test/react-native-concent-common
@pvm/github
@pvm/plugin-conventional-changelog
react-native-shekhar-bridge-test
@devdiary/semantic-devdiary-release
birken-react-native-community-image-editor
luojia-cli-dev
reac-native-arun-ramya-test
react-native-transtracker-library
react-native-pulsator-native
react-native-arun-ramya-test
react-native-arunramya151
react-native-plugpag-wrapper
semantic-release-version
@screeb/react-native
@jfilipe-sparta/react-native-module_2
@tjoussen/semantic-release-gitlab-mr
@buganto/client
astra-ufo-sdk
react-native-syan-photo-picker
@wecraftapps/react-native-use-keyboard
l2forlerna
native-google-login
react-native-modal-progress-bar
react-native-test-module-hhh
raact-native-arunramya151
reddit-title-has-verbatim-quote
react-native-jsi-device-info
react-native-badge-control
native-date-picker-module
styless-react
rn-tm-notify
FAQs
Unknown package
We found that parse-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.