![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
strip-bom
Advanced tools
Package description
The strip-bom package is used to remove a UTF-8 byte order mark (BOM) from the beginning of a string. This is particularly useful when dealing with files or data streams that may have been saved with a BOM, which can cause issues when processing or parsing the text.
Removing BOM from a string
This code demonstrates how to use strip-bom to remove a byte order mark from the beginning of a string. It's useful for processing text that originates from files encoded with a BOM.
const stripBom = require('strip-bom');
const stringWithBom = '\uFEFFThis is a test string.';
const cleanedString = stripBom(stringWithBom);
console.log(cleanedString); // 'This is a test string.'
Similar to strip-bom, but designed for use with streams. It allows for the removal of the BOM from streams of data, making it useful for processing files or data in real-time. This package is a good choice when working with large files or in situations where data is being streamed.
This package offers functionality similar to strip-bom but operates on buffers instead of strings. It's particularly useful when dealing with binary data or when reading files into buffers before processing. This can be advantageous for performance in certain scenarios.
Readme
Strip UTF-8 byte order mark (BOM) from a string
From Wikipedia:
The Unicode Standard permits the BOM in UTF-8, but does not require nor recommend its use. Byte order has no meaning in UTF-8.
$ npm install strip-bom
import stripBom from 'strip-bom';
stripBom('\uFEFFunicorn');
//=> 'unicorn'
FAQs
Unknown package
The npm package strip-bom receives a total of 36,519,144 weekly downloads. As such, strip-bom popularity was classified as popular.
We found that strip-bom demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.