Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Browser, OS and device detection based on the available user agent string. Can be used both in a browser (also as a standalone script) or in a server environment.
it's very rarely a good idea to use user agent sniffing. You can almost always find a better, more broadly compatible way to solve your problem! MDN: Browser detection using the user agent
Note: Sniffr is written in Typescript and includes all the necessary typings, can be used both in JavaScript and Typescript projects
In case some browser-specific issue cannot be fixed uniformly across browsers we may need to perform some browser detection. For example, browser X crashes when function Y from library Z is used, so we have to detect when we are dealing with browser X and disable library Z.
To install the library use npm:
npm install sniffr
Hosted version (by jsDelivr) can be found here (replace the version number) https://cdn.jsdelivr.net/gh/amoilanen/sniffr@1.3.2/dist/sniffr.standalone.min.js
https://github.com/amoilanen/sniffr/blob/master/dist/sniffr.standalone.min.js is a downloadable minified version of the library to be used as a standalone script in a browser.
The library is can be directly used in a browser, no server-side code is run.
import { RecognizedBrowser } from "sniffr"
//If Windows and Firefox 28 or later
if (RecognizedBrowser.os.name === "windows"
&& RecognizedBrowser.browser.name === "firefox" && RecognizedBrowser.browser.version[0] >= 28) {
//Apply some workaround
}
For backward compatibility purposes the following more wordy legacy usage pattern is also supported:
import Sniffr from "sniffr"
const sniffr = new Sniffr()
sniffr.sniff()
//If Windows and Firefox 28 or later
if (sniffr.os.name === "windows"
&& sniffr.browser.name === "firefox" && sniffr.browser.version[0] >= 28) {
//Apply some workaround
}
When the script is loaded Sniffr
object will be initialized and put to the global namespace, it can be accessed directly:
//If Windows and Firefox 28 or later
if (Sniffr.os.name === "windows"
&& Sniffr.browser.name === "firefox" && Sniffr.browser.version[0] >= 28) {
//Apply some workaround
}
RecognizedBrowser.os
: operating systemRecognizedBrowser.browser
: browserRecognizedBrowser.device
: deviceSniffr.sniff
: function that expects a user agent string as an argument, it is called automatically in a browser
Sniffr can also be used in a Node.js environment in case you need to do some server-side user agent analysis as well.
First install it
npm install sniffr
Then load the module, provide it the agent string and query the results just like in a browser environment:
var Sniffr = require("sniffr").default;
var s = new Sniffr();
s.sniff("Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25");
console.log("Operating System:");
console.log(s.os);
console.log("Browser:");
console.log(s.browser);
console.log("Device:");
console.log(s.device);
Some libraries like jQuery provide only browser information and not the OS information. Some like Detectizr are plugins for other libraries that you may not use. And some require server-side code. A few libraries are usable only on the server or only in a browser.
Sniffr provides simple and symmetric API, does not depend on other libraries, does not require the server part, is tiny, fast and easily extensible. In addition, it can be used both in browser and server environments.
The original sniffing dog image location is http://publicdomainvectors.org/en/free-clipart/Dog-sniffing-vector-image/11807.html
FAQs
Browser, os and device detection
The npm package sniffr receives a total of 18,360 weekly downloads. As such, sniffr popularity was classified as popular.
We found that sniffr demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.