Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush PandyaĀ - Ā Jun 06, 2025
š Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more ā
v8r
v8r is a command-line validator that uses Schema Store to detect a suitable schema for your input files based on the filename.
š¦ Install the package from NPM
š Jump into the Documentation to get started
š¦ 5.0.0 - 2025-05-10
Following on from the deprecations in version 4.4.0, version 5.0.0 contains a number of breaking changes:
- The
--formatCLI argument andformatconfig file key have been removed. Switch to using--output-formatandoutputFormat. - v8r now ignores patterns in
.gitignoreby default. - The
fileLocationargument ofgetSingleResultLogMessagehas been removed. The signature is nowgetSingleResultLogMessage(result, format). Plugins implementing thegetSingleResultLogMessagehook will need to to update the signature. If you are usingfileLocationin thegetSingleResultLogMessagefunction body, switch to usingresult.fileLocation. - File paths are no longer passed to plugins in dot-relative notation.
Plugins implementing the
getSingleResultLogMessage,getAllResultsLogMessageandparseInputFileplugin hooks may need to be updated. - The minimum compatible node version is now Node 20.
Other changes in this release:
- v8r is now tested on node 24
- Upgrade to latest major versions of core packages (got, glob, minimatch, etc)
FAQs
A command-line JSON, YAML and TOML validator that's on your wavelength
The npm package v8r receives a total of 1,473 weekly downloads. As such, v8r popularity was classified as popular.
We found that v8r demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Ā It has 1 open source maintainer collaborating on the project.
Package last updated on 10 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor NorrisĀ - Ā Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush PandyaĀ - Ā Jun 05, 2025