Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Small library to create tags by typing
The usage is simple:
Create container element where taggify will be installed, like:
<div class="taggify"></div>
Include Taggify library script to your HTML code:
<script src="taggify.min.js"></script>
Then start using in your JS script:
<script>
(function () {
'use strict';
new window.Taggify();
})();
</script>
Taggify library uses a configuration object containing following properties:
Container selector to find HTML node to initialize taggify element. By default: '.taggify'
Container node to initialize taggify element. Will be used instead of containerSelector
, if defined.
Indicator whether to use autocomplete callback. By default: false
The autocomplete callback. It takes 2 params:
The input event callback delay. After this time, the tags are created.
It's used to increase performance of the solution. By default: 100
The text to display to a user as a label. By default: 'Start typing ...'
Indicator whether to allow duplicated tags. Used when autocomplete is turned off.
By default: false
List of hot keys which generate tags when autocomplete is off.
The list contains key codes, like - coma is 188, but enter is 13.
By default: [13, 188]
Flag indicating whether an input label should be displayed
The method allows to create tags based on provided array of strings
const tags = ['a','b','c'];
taggify.updateTags(tags);
FAQs
Create tags by typing
The npm package taggify receives a total of 1 weekly downloads. As such, taggify popularity was classified as not popular.
We found that taggify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.