tap-yaml
Yaml handling for TAP parsers and generators
const yaml = require('tap-yaml')
const str = yaml.stringify(someObject)
const obj = yaml.parse(someString)
This is essentially a re-export of the yaml package, with a few custom types and default properties to be more suitable for use in tap.
- !function type is added. Functions aren't parsed to actual functions using eval(), since that's obviously a Bad Idea, but they do parse to an empty function with a toString() that contains the original string source.
- Error type is added, which does its best to maintain its properties, and always shows message, stack, and name, even if these are non-enumerable. If an Error has a custom inspect method that returns an object, then that is used as the source of extra properties, so you may filter out what gets dumped to your TAP stream.
- omap and set are configured to refer to Map and Set objects.
- Objects with a null prototype maintain their null-prototyped-ness.
- Domain objects are stringified, but without their giant object graph, since that's often a performance issue.
- Date objects are given a non-default !date tag rather than the default YAML 1.1 !timestamp, so that they maintain their explicit date object nature through stringifying and re-parsing.
- prettyErrors option is always enabled.
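The function and Error behaviours listed above, as an added example that is not code from tap-yaml or its README: function source is revived as an inert stub and never evaluated, and an Error's custom inspect result decides which extra properties reach the dump. The helper names are hypothetical, and treating the "custom inspect method" as the one stored under Node's util.inspect.custom symbol is an assumption.

```javascript
// Added illustration, not tap-yaml's source. All helper names are hypothetical.

// Assumption: the "custom inspect method" is the one Node looks up under this
// well-known symbol (the same value as util.inspect.custom).
const INSPECT = Symbol.for('nodejs.util.inspect.custom')

// Revive a serialized function without evaluating it: an empty function whose
// toString() reports the original source text.
function reviveFunctionInert (source) {
  const fn = function () {}
  Object.defineProperty(fn, 'toString', { value: () => source })
  return fn
}

// Flatten an Error for a diagnostic dump. name, message and stack are always
// emitted even though they are non-enumerable or inherited. If the custom
// inspect method returns an object, only that object supplies the extras.
function errorToPlain (err) {
  const inspected = typeof err[INSPECT] === 'function' ? err[INSPECT]() : null
  const extras = inspected !== null && typeof inspected === 'object' ? inspected : err
  const out = { name: err.name, message: err.message, stack: err.stack }
  for (const key of Object.keys(extras)) {
    if (!(key in out)) out[key] = extras[key]
  }
  return out
}

// Constructed sample input: function source as it might arrive in a document
// produced by another process, and an error carrying a field to keep private.
function demo () {
  const fn = reviveFunctionInert('function () { globalThis.__tapYamlDemoRan = true }')
  fn() // calling the stub runs the empty body, never the source text
  const err = new Error('login failed')
  err.code = 'E_AUTH'
  err.sessionToken = 'constructed-secret'
  err[INSPECT] = function () { return { code: this.code } }
  return {
    ran: '__tapYamlDemoRan' in globalThis,
    source: String(fn),
    dumped: errorToPlain(err)
  }
}
```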
We found that tap-yaml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.