Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Package was removed
Sorry, it seems this package was removed from the registry
taurus-js
Streamlined version of eosjs that contains just elliptic curve cryptography, serialize, and numeric methods.
Installation
NPM
The private NPM package can be found at npm.
Add dependency to your project
yarn add @blockone/taurus-js
Using with Typescript
In order to get access to the TextEncoding and TextDecoding types, you need to add @types/text-encoding as a dev dependency:
yarn add --dev @types/text-encoding
If you're using Node (not a browser) then you'll also need to make sure the dom lib is referenced in your tsconfig.json:
{
"compilerOptions": {
"lib": [..., "dom"]
}
}
Browser Distribution
Clone this repository locally then run yarn build-web. The browser distribution will be located in dist-web and can be directly copied into your project repository. The dist-web folder contains minified bundles ready for production, along with source mapped versions of the library for debugging.
Import
ES Modules
Importing using ESM syntax is supported using TypeScript, webpack, or Node.js with --experimental-modules flag
import { PrivateKey, PublicKey, Signature } from '@blockone/taurus-js'
CommonJS
Importing using commonJS syntax is supported by Node.js out of the box.
const { PrivateKey, PublicKey, Signature } = require('@blockone/taurus-js')
const { TextEncoder, TextDecoder } = require('util') // node only; native TextEncoder/Decoder
Full Documentation of Codebase
The documentation specific to the code in this repository can be found here
If you also need information from code that was removed from this repository, the full eosjs documentation can be found here
Lastly, there are a few examples and installation/usage guides available in the third-party perspective documentation for eosjs here
License
Important
See LICENSE for copyright and license terms.
All repositories and other materials are provided subject to the terms of this IMPORTANT notice and you must familiarize yourself with its terms. The notice contains important information, limitations and restrictions relating to our software, publications, trademarks, third-party resources, and forward-looking statements. By accessing any of our repositories and other materials, you accept and agree to the terms of the notice.
FAQs
Talk to eos API
The npm package taurus-js receives a total of 0 weekly downloads. As such, taurus-js popularity was classified as not popular.
We found that taurus-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 11 Mar 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025