Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The 'warning' npm package is a utility that allows developers to print warning messages to the console. It is typically used to alert developers of potential issues or misuses of an API that are not severe enough to warrant throwing an error. It is often used in development environments to provide guidance without interrupting the execution of the program.
Conditional warnings
This feature allows developers to conditionally display warning messages based on a boolean condition. If the condition is true, the warning message is printed to the console.
var warning = require('warning');
var shouldWarn = true;
warning(shouldWarn, 'This is a warning message that will only be displayed if shouldWarn is true.');
The 'invariant' package is similar to 'warning' in that it is used for development checks. However, 'invariant' will throw an error if the condition is not met, making it more suitable for critical issues that should not be ignored or bypassed.
The 'debug' package is used for logging debug messages and is similar to 'warning' in that it provides a way to output messages to the console. However, 'debug' is more versatile as it allows for namespaced debug logs and can be enabled or disabled based on the environment or debug level.
While 'chalk' is not directly similar to 'warning' in functionality, it is often used in conjunction with warning messages to colorize console output, making the warnings more noticeable. 'chalk' itself is a styling library that allows developers to style their terminal string output.
A mirror of Facebook's Warning
npm install warning
// some script
var warning = require('warning');
var ShouldBeTrue = false;
warning(
ShouldBeTrue,
'This thing should be true but you set to false. No soup for you!'
);
// 'This thing should be true but you set to false. No soup for you!'
Similar to Facebook's (FB) invariant but only logs a warning if the condition is not met. This can be used to log issues in development environments in critical paths. Removing the logging code for production environments will keep the same logic and follow the same code paths.
Why do you use
console.error
instead ofconsole.warn
?
This is a mirror of Facebook's (FB) warning module used within React's source code (and other FB software). As such this module will mirror their code as much as possible.
The descision to use error
over warn
was made a long time ago by the FB team and isn't going to change anytime soon.
The source can be found here: https://github.com/facebook/fbjs/blob/master/packages/fbjs/src/__forks__/warning.js The reasoning can be found here and elsewhere: https://github.com/facebook/fbjs/pull/94#issuecomment-168332326
Can I add X feature?
This is a mirror of Facebook's (FB) warning and as such the source and signature will mirror that module.
If you believe a feature is missing than please open a feature request there. If it is approved and merged in that this module will be updated to reflect that change, otherwise this module will not change.
It is recommended to add babel-plugin-dev-expression with this module to remove warning messages in production.
Don't Forget To Be Awesome
FAQs
A mirror of Facebook's Warning
The npm package warning receives a total of 7,322,950 weekly downloads. As such, warning popularity was classified as popular.
We found that warning demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.