Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Enhanced utils
This package modifies and enhances the standard util
from node.js
Full API Documents is here: Docs
▸ inject(aOrgFunc
, aBeforeExec
, aAfterExec
): Function
Wraps a function and executes code before and/or after the wrapped function.
Throws
If aAfterExec is not a function and an error occurs while executing the wrapped function.
Example
import { inject as injectFunc } from 'util-ex'
// Wrapping a function with injectFunc
const originalFunc = (a, b) => a + b;
const beforeFunc = (a, b) => console.log(`Before execution: a = ${a}, b = ${b}`);
const afterFunc = (result) => console.log(`After execution: result = ${result}`);
const wrappedFunc = injectFunc(originalFunc, beforeFunc, afterFunc);
const result = wrappedFunc(1, 2); // Logs "Before execution: a = 1, b = 2" and "After execution: result = 3"
Example
// Wrapping a function with injectFunc and modifying arguments and return value
const Arguments = injectFunc.Arguments
const originalFunc = (a, b) => a + b;
const beforeFunc = (a, b) => {
console.log(`Before execution: a = ${a}, b = ${b}`);
return new Arguments([a * 2, b * 3]);
};
const afterFunc = (result, isDenied) => {
console.log(`After execution: result = ${result}, isDenied = ${isDenied}`);
return result * 2;
};
const wrappedFunc = injectFunc(originalFunc, beforeFunc, afterFunc);
const result = wrappedFunc(1, 2); // Logs "Before execution: a = 1, b = 2", "After execution: result = 6, isDenied = false"
console.log(result); // Output: 12
Example
// Wrapping a function with injectFunc and not executing the original function
const originalFunc = (a, b) => a + b;
const beforeFunc = (a, b) => {
console.log(`Before execution: a = ${a}, b = ${b}`);
return "Not executing original function";
};
const afterFunc = (result, isDenied) => {
console.log(`After execution: result = ${result}, isDenied = ${isDenied}`);
return "Modified return value";
};
const wrappedFunc = injectFunc(originalFunc, beforeFunc, afterFunc);
const result = wrappedFunc(1, 2); // Logs "Before execution: a = 1, b = 2", "After execution: result = Modified return value, isDenied = true"
console.log(result); // Output: "Modified return value"
Example
// Wrapping a function with injectFunc and getting the original function's error
const originalFunc = () => {
throw new Error("Original function error");
};
const beforeFunc = () => {
console.log("Before execution");
};
const afterFunc = (result, isDenied) => {
console.log(`After execution: result = ${result}, isDenied = ${isDenied}`);
};
const wrappedFunc = injectFunc(originalFunc, beforeFunc, afterFunc);
wrappedFunc(); // Logs "Before execution", "After execution: result = [Error: Original function error], isDenied = false"
Name | Type | Description |
---|---|---|
aOrgFunc | Function | The function to be wrapped. |
aBeforeExec | Function | A function to be executed before the wrapped function aOrgFunc . |
aAfterExec | Function | A function to be executed after the wrapped function aOrgFunc . |
Function
A new function that wraps the original function.
BeforeExec:
If aBeforeExec
is a function, it will be called with the same context and arguments as the wrapped function.
Arguments
object, the wrapped function will be called with the modified arguments.undefined
, the wrapped function will not be called and this value will be returned as result instead.AfterExec:
If aAfterExec
is a function, it will be called with the same context, arguments with additional the result of the aOrgFunc
and isDenied flag.
aOrgFunc
throws an error, the result
parameter will be an Error
object.aAfterExec
returns a value, it will be used as the final result of the wrapped function.isDenied
parameter is true, it means aOrgFunc
was not called during execution of the wrapped function.▸ injectMethod(aObject
, aMethodName
, aNewMethod
): boolean
Injects method into an object. optionally preserving access to the original method via "super
" and original instance via "self
".
Note:
this.super()
to call the original method, this.super()
is already bound with original instance.this[aMethodName]
is also the original method, but not bound yet.this.self
is the original instance!Example
import { injectMethod } from 'util-ex'
var obj = {
method1: function() {
console.log('Hello');
}
};
var newMethod = function() {
this.super();
console.log('World');
};
injectMethod(obj, 'method1', newMethod);
obj.method1(); // Output: Hello\nWorld
Name | Type | Description |
---|---|---|
aObject | any | the target object to inject |
aMethodName | string | the target method to inject |
aNewMethod | Function | the new method to be injected into the aObject. |
boolean
whether the injection is successful.
newFunction(name, arguments, body[, scope[, values]])
newFunction(functionString[, scope[, values]])
Creates a new function with the given name, arguments, body, scope and values.
import { newFunction } from 'util-ex'
var fn = newFunction('yourFuncName', ['arg1', 'arg2'], 'return log(arg1+arg2);', {log:console.log})
newFunction('function yourFuncName(){}')
newFunction('function yourFuncName(arg1, arg2){return log(arg1+arg2);}', {log:console.log})
newFunction('function yourFuncName(arg1, arg2){return log(arg1+arg2);}', ['log'], [console.log])
//fn.toString() is :
/*
"function yourFuncName(arg1, arg2) {
return log(arg1+arg2);
}"
*/
defineProperty(object, key, value[, aOptions])
Define a property on the object. move to inherits-ex package.
const defineProperty = require('util-ex/lib/defineProperty')
let propValue = ''
const obj = {}
defineProperty(obj, 'prop', 'simpleValue')
defineProperty(obj, 'prop', undefined, {
get() {return propValue}
set(value) {propValue = value}
})
FAQs
Browser-friendly enhanced util fully compatible with standard node.js
The npm package util-ex receives a total of 41,683 weekly downloads. As such, util-ex popularity was classified as popular.
We found that util-ex demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.