Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
rcfile
Loads library configuration in all possible ways
Read library configurations from yaml, json, js files or from sections in package.json.
Installation
npm install --save rcfile
Usage
'use strict'
var rcfile = require('rcfile')
rcfile('eslint')
.then(function (config) {
console.log(config)
//> { extends: 'standard',
// rules:
// { 'comma-dangle': [ 2, 'always-multiline' ],
// 'arrow-parens': [ 2, 'as-needed' ] } }
})
rcfile('travis', { configFileName: '.travis' })
.then(function (config) {
console.log(config)
//> { language: 'node_js',
// sudo: false,
// node_js: [ 'v0.10', 'v4' ],
// cache: { directories: [ 'node_modules' ] },
// before_install: [ 'npm install -g npm@3' ],
// install: [ 'npm install' ],
// after_success:
// [ 'if [[ $TRAVIS_NODE_VERSION == "v4" ]]; then npm run coveralls; fi;',
// 'if [[ $TRAVIS_NODE_VERSION == "v4" ]]; then npm run semantic-release; fi;' ] }
})
License
Dependencies 
- debug: small debugging utility
- find-up-glob: Find a file by walking up parent directories
- json5: JSON for the ES5 era.
- read-pkg-up: Read the closest package.json file
- require-uncached: Require a module bypassing the cache
Dev Dependencies 
- chai: BDD/TDD assertion library for node.js and the browser. Test framework agnostic.
- cz-conventional-changelog: Commitizen adapter following the conventional-changelog format.
- eslint: An AST-based pattern checker for JavaScript.
- eslint-config-standard: JavaScript Standard Style - ESLint Shareable Config
- eslint-plugin-promise: Enforce best practices for JavaScript promises
- eslint-plugin-standard: ESlint Plugin for the Standard Linter
- ghooks: Simple git hooks
- istanbul: Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests
- mocha: simple, flexible, fun test framework
- mos: A pluggable module that injects content into your markdown files via hidden JavaScript snippets
- mos-plugin-readme: A mos plugin for generating README
- semantic-release: automated semver compliant package publishing
- validate-commit-msg: Script to validate a commit message follows the conventional changelog standard
Keywords
FAQs
Loads library configuration in all possible ways
The npm package rcfile receives a total of 4,654 weekly downloads. As such, rcfile popularity was classified as popular.
We found that rcfile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 May 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025