
Research
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys
The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.
project-calavera
Advanced tools
A simple, configurable starting skeleton for common web projects. Bring your own frameworks.
A simple starting skeleton for common web projects. Bring your own frameworks.
To start with, you will need to have Nodejs installed. You can find instructions on the Nodejs website.
Your next stop is to ensure that your project has a package.json
file in the root of the project. If your project does not already have one, you can create one using the npm init
or yarn init
command from your command line/terminal.
With the above in place, you are ready to start using Calavera.
Inside your package.json
we will add a calavera
config entry that will tell Calavera which configs to install. Calavera support the following config options:
or a combination of the above. You can read details on each configuration in the Calavera docs.
Once you have added your chosen Calavera config, for exmaple:
"calavera": {
"eslint": true,
"prettier": true
}
Run the following from the root of your project:
npx project-calavera
This will add the required dot-files to your project. Once the command completes, it will output the command you should run to install the required dependencies:
NOTE: Calavera by default prints the command for the Yarn dependency manager. If you prefer
NPM
, you can specify it as part of your Calavera config, for example:"calavera": { "manager": "npm", "eslint": true, "prettier": true }
Run the following command to install your dependencies: npm i -D --save-exact babel-cli babel-preset-env eslint
Copy, paste and run the command in your terminal. Once complete, you are of to the races.
Make something awesome! đź’€
FAQs
A simple, configurable starting skeleton for common web projects. Bring your own frameworks.
We found that project-calavera demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.
Product
A single platform for static analysis, secrets detection, container scanning, and CVE checks—built on trusted open source tools, ready to run out of the box.
Product
Socket is launching experimental protection for the Hugging Face ecosystem, scanning for malware and malicious payload injections inside model files to prevent silent AI supply chain attacks.