Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
stackframe
Advanced tools
The stackframe npm package is a library that allows for manipulation and introspection of stack frames. It provides a simple way to work with stack traces, allowing users to parse and manipulate call stacks programmatically.
Creating StackFrame objects
This feature allows users to create StackFrame objects that represent a call stack's frame. The object can include details such as the function name, arguments, file name, line number, and column number.
var StackFrame = require('stackframe');
var frame = new StackFrame({functionName: 'funName', args: ['args'], fileName: 'file.js', lineNumber: 1, columnNumber: 3288});
Getting and setting properties
This feature allows users to get and set properties of a StackFrame object, such as the function name, file name, line number, etc. This can be useful for modifying or inspecting a frame's details.
var StackFrame = require('stackframe');
var frame = new StackFrame();
frame.setFunctionName('funName');
var functionName = frame.getFunctionName();
Stringifying StackFrame objects
This feature allows users to convert a StackFrame object into a string representation, which can be useful for logging or displaying the stack frame in a readable format.
var StackFrame = require('stackframe');
var frame = new StackFrame({functionName: 'funName', fileName: 'file.js', lineNumber: 1, columnNumber: 3288});
var stringifiedFrame = frame.toString();
This package is similar to stackframe in that it provides functionality for parsing JavaScript Error stacks. It extracts stack frames from the Error object and returns them as an array of StackFrame-like objects. It differs in that it focuses more on parsing existing Error stacks rather than creating and manipulating StackFrame objects.
This package is used to get v8 stack traces at any arbitrary point in time. It provides more detailed information about the stack trace and is often used for debugging purposes. Unlike stackframe, it is more focused on capturing and analyzing the current call stack rather than creating and manipulating StackFrame objects.
Underlies functionality of other modules within stacktrace.js.
Written to closely resemble StackFrame representations in Gecko and V8
// Create StackFrame and set properties
var stackFrame = new StackFrame({
functionName: 'funName',
args: ['args'],
fileName: 'http://localhost:3000/file.js',
lineNumber: 1,
columnNumber: 3288,
isEval: true,
isNative: false,
source: 'ORIGINAL_STACK_LINE'
evalOrigin: new StackFrame({functionName: 'withinEval', lineNumber: 2, columnNumber: 43})
});
stackFrame.functionName // => "funName"
stackFrame.setFunctionName('newName')
stackFrame.getFunctionName() // => "newName"
stackFrame.args // => ["args"]
stackFrame.setArgs([])
stackFrame.getArgs() // => []
stackFrame.fileName // => 'http://localhost:3000/file.min.js'
stackFrame.setFileName('http://localhost:3000/file.js')
stackFrame.getFileName() // => 'http://localhost:3000/file.js'
stackFrame.lineNumber // => 1
stackFrame.setLineNumber(325)
stackFrame.getLineNumber() // => 325
stackFrame.columnNumber // => 3288
stackFrame.setColumnNumber(20)
stackFrame.getColumnNumber() // => 20
stackFrame.source // => 'ORIGINAL_STACK_LINE'
stackFrame.setSource('NEW_SOURCE')
stackFrame.getSource() // => 'NEW_SOURCE'
stackFrame.isEval // => true
stackFrame.setIsEval(false)
stackFrame.getIsEval() // => false
stackFrame.isNative // => false
stackFrame.setIsNative(true)
stackFrame.getIsNative() // => true
stackFrame.evalOrigin // => StackFrame({functionName: 'withinEval', lineNumber: ...})
stackFrame.setEvalOrigin({functionName: 'evalFn', fileName: 'anonymous'})
stackFrame.getEvalOrigin().getFunctionName() // => 'evalFn'
stackFrame.toString() // => 'funName(args)@http://localhost:3000/file.js:325:20'
npm install stackframe
bower install stackframe
https://raw.githubusercontent.com/stacktracejs/stackframe/master/dist/stackframe.min.js
FAQs
JS Object representation of a stack frame
We found that stackframe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.