Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Enables enhanced node.js/fish-shell/XTerm/iTerm3 feature integration.
$TERM_COLOR=16m
environment variable is set.--color=16m
to front of process.argv before wrapping the supports-color
module.$TERM_IMAGES=enabled
: Allow rendering of inline images using OSC sequences.$TERM_AUDIO=enabled
: Allow enhanced audio.$TERM_FONT=box
: Terminal font has UTF8 box drawing characters.$TERM_FONT=full
: Terminal font has full UTF8 extras (such as Menlo, DejaVu Mono).In fish, it's a simple as defining a universal, exported variable.
set -Ux TERM_IMAGES enabled
set -Ux TERM_FONT full
In bash an export TERM_IMAGES=enabled
in ~/.bashrc
will do the trick. I don't use tcsh or zsh anymore so can't remember exactly which files are used when those shells are invoked interactively. Fish is almost always invoked interactively - which is kind of the point of fish, it being the 'Freindly INTERACTIVE Shell' after all! Write scripts for portablility (sh/bash/perl even node) then write fish functions to interact with those scripts from the keyboard... but I digress.
In some of my 'private' admin/control systems, I use a customised terminfo database that wraps some of the (very useful) enhanced OSC abilities of more recent iTerm builds into new commands available via tput
(which I further wrap in fish functions).
The terminfo
directory above contains iTerm.ti
. Using /usr/bin/tic
and ncurses' terminfo database (available from invisible-island.net), I build a new terminal type xterm-256color+iterm3
, and change the Terminal type preference in iTerm to the same, setting the $TERM environment variable.
The new terminfo entries are built thusly...
cd term-ng/terminfo
curl http://invisible-island.net/datafiles/current/terminfo.src.gz
gunzip terminfo.src.gz
tic -xrs -e xterm-256color terminfo.src
tic -xsv3 iTerm.ti
This create a new, updated xterm-256color and then extends it for iTerm. this is non-destructive as it creates new entries at ~/.terminfo/
. Simply delete this directory to return the terminfo databases back to the original OS provided state.
A word of caution... while this has worked very well for me, I have found that some things complain about an unrecognized term type - Homebrew is notable here. A simple workaround is to have a standard xterm-256color
profile defined to use when brewing.
From inside the package directory, running npm run-script colors
will generate a preview of the entire color gamut your terminal is capable of. Output of a recent iTerm beta shown below:
FAQs
Terminal/$TERM feature snooping and whitelisting
The npm package term-ng receives a total of 14 weekly downloads. As such, term-ng popularity was classified as not popular.
We found that term-ng demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.