Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Queue javascript objects dynamically then process the queue according to the appender.
Included tag appenders:
npm test
npm run test_all
npm run test_top_one
npm run test_bottom_one
npm run test_func_all
npm run test_sync_all
npm run test_status
npm run test_version
npm run test_name
var colors = require('colors')
var queue = require("queueobj");
class test1 {
constructor() {
this.id = 100
this.process = this.process.bind(this)
}
process(callback) {
setTimeout(() => {
console.log(`processing test1`.cyan)
console.log(`some async process`)
callback({success: {msg: `processing all (${this.id})`}})
}, 3000)
}
}
class test2 {
constructor() {
this.id = 200
this.process = this.process.bind(this)
}
process(callback) {
let msg = `some kinda problem here in id(${this.id})`
// callback({error: {msg: msg}}) //this will show errors
callback({success: {msg: `processing all (${this.id})}`}}) //this will show no errors
}
ping() {
console.log('hello from test2'.rainbow)
}
}
class test3 {
constructor() {
this.id = 300
this.process = this.process.bind(this)
}
process(callback) {
callback({success: {msg: `processing all (${this.id})}`}})
}
}
class test4 {
constructor() {
let t = this
t.id = 400
t.custom_function = t.custom_function.bind(this)
}
custom_function(callback) {
let msg = `custom func problem here id(${this.id})`
setTimeout(() => {
// callback({error: {msg: msg}}) //this will show errors
callback({success: {msg: `processing all (${this.id})}`}}) //this will show no errors
}, 3000)
}
}
let tst4 = new test4()
let qObj = new queue(), props = { appender: 'name' }
qObj.load(props).add(new test1()).add(new test2()).add(new test3()).add(tst4.custom_function)
qObj.process().then(res => {
console.log(`success with all sync processing: (${JSON.stringify(res)})`.green)
}, err => {
console.log(`errors with all sync processing: (${JSON.stringify(err)})`.red)
})
FAQs
Queue File Objects
The npm package queueobj receives a total of 8 weekly downloads. As such, queueobj popularity was classified as not popular.
We found that queueobj demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.