Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
permawebjs
Advanced tools
PermawebJS aims to lower the barrier of onboarding and building on Arweave by creating a well documented one-stop library.
Run the following command to install the package using npm or yarn
npm install permawebjs
#OR
yarn add permawebjs
Functions from specific function types can be imported as follows:
import { createWallet } from 'permawebjs/wallet';
const wallet = await createWallet({
seedPhrase: true,
environment: 'local',
});
In this library, the following types of functions are available:
Wallet Functions
: Functions associated with creating and using wallets. Read more here.
Transaction Functions
: Functions associated with creating and interacting with transactions. Read more here.
Contract Functions
: Functions associated with creating and interacting with contracts. Read more here.
Serverless Functions
: Functions associated with creating and interacting with serverless functions. Read more here.
Auth Functions
: Functions associated with authentication. Authentication currently supports ArConnect only. Read more here.
Every function has a dedicated page with the following information associated with it:
optional
keyword means they are optional. Parameters that do not have this keyword are required and must be passed in for successful function calls.Read the docs here
FAQs
Utility library to build full stack permaweb applications
We found that permawebjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.