![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
protoblast
Advanced tools
Changelog
0.5.7 (2018-07-01)
Date.parseDuration(str)
for getting a duration in msDate#add
and Date#subtract
now also accept duration stringsRURL
rewrite, inspired by url-parse
by Arnout Kazemier and URI.js
by Rodney RehmObject.flatten(obj, divider)
now accepts custom dividersRURL.encodeQuery(obj)
now handles nested objectsString#assign(values, remove_used)
attempts to normalize values when assigning objectsDate.parseString(str, base)
and Date.parseStringToTime(str, base)
Readme
$ npm install protoblast
For more information and API documentation, visit the Protoblast homepage.
You can use Protoblast in 2 ways.
This is the easiest way to use all the new methods & shims. Ideal for internal or big projects.
// Require protoblast and execute the returned function
require('protoblast')();
var str = 'Get what we want';
// New native methods, like after, will have been added
str.after('what');
// ' we want'
You can also get an object that has pre-bound all the new methods, without modifying anything.
It's more verbose, but should be the way to use Protoblast in redistributable modules.
// Require protoblast and execute the returned function with `false` as parameter
var Blast = require('protoblast')(false);
var str = 'Get what we want';
// Native objects will have been left alone, they can be accessed like this:
Blast.Bound.String.after(str, 'what');
// ' we want'
FAQs
Unknown package
We found that protoblast demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.