Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
>
A statistics utility library
Table of Contents
Install
This project uses node and npm.
$ npm install stat-fns
$ # OR
$ yarn add stat-fns
Usage
const { Stat } = require('stat-fns')
const s = new Stat('65 72 68 64 60 55 73 71 52 63 61 74 69 67 74 50 4 75 67 62 66 80 64 65')
const s2 = new Stat('132 118 124 109 104 101 125 83 99 131 98 125 97 106 112 92 120 103 111 117 135 143 112 112 116 106 117 119 110 105 128 112 126 105 102')
console.log('=== 1 ===\n')
console.log('mean', s.mean())
console.log('max', s.max())
console.log('min', s.min())
console.log('sum', s.sum())
console.log('range', s.range())
console.log('Q1', s.Q1())
console.log('Q2', s.Q2())
console.log('Q3', s.Q3())
console.log('IQR', s.IQR())
console.log('Outliers', s.outliers())
// === 1 ===
// mean 63.375
// max 80
// min 4
// sum 1521
// range 76
// Q1 61.25
// Q2 65.5
// Q3 71.75
// IQR 10.5
// Outliers [ 4 ]
console.log('=== 2 ===\n')
console.log('mean', s2.mean())
console.log('median', s2.median())
console.log('mode', s2.mode())
console.log('standard deviation', s2.standardDeviation())
console.log('coefficient of variation', s2.cv())
console.log('max', s2.max())
console.log('min', s2.min())
console.log(s2.classInterval(), s2.classWidth())
// === 2 ===
// mean 113
// median 112
// mode [ '112' ]
// standard deviation 12.81293988791911
// coefficient of variation 0.11338884856565584
// max 143
// min 83
Docs
WIP
Contribute
- Fork it and create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am "Add some feature" - Push to the branch:
git push origin my-new-feature - Submit a pull request
License
MIT
FAQs
A statistics utility library
The npm package stat-fns receives a total of 31 weekly downloads. As such, stat-fns popularity was classified as not popular.
We found that stat-fns demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Feb 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025