Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
tap-yaml
Advanced tools
Readme
Yaml handling for TAP parsers and generators
const yaml = require('tap-yaml')
const str = yaml.stringify(someObject)
const obj = yaml.parse(someString)
This is essentially a re-export of the yaml package, with a few modifications to be more suitable for use in tap.
toString()
that contains the original string source.Error
type is added.omap
and set
are configured to refer to Map and Set objects.This is not yet ready for prime time. Work is underway to port node-tap projects to use it, which will take a bit of time, and probably flush out a lot of bugs and issues along the way.
If you'd like to help, get in touch!
FAQs
Unknown package
We found that tap-yaml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.