![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
web-ext
Advanced tools
Readme
This is a command line tool to help build, run, and test web extensions.
Ultimately, it aims to support web extensions in a standard, portable, cross-platform way. Initially, it will provide a streamlined experience for developing Firefox web extensions.
npm install --global web-ext
You'll need:
Optionally, you may like:
If you had already installed web-ext
from npm,
you may need to uninstall it first:
npm uninstall --global web-ext
Change into the source and install all dependencies:
git clone https://github.com/mozilla/web-ext.git
cd web-ext
npm install
Build the command:
npm run build
Link it to your node installation:
npm link
You can now run it from any directory:
web-ext --help
To get updates, just pull changes and rebuild the executable. You don't need to relink it.
cd /path/to/web-ext
git pull
npm run build
The web-ext tool enables you to build and ship web extensions for Firefox. This platform stabilized in Firefox 48 but you may need to develop with a nightly build of Firefox for some newer web-ext features. If you are looking to ship an add-on that runs in older versions of Firefox, consider jpm.
Hi! This tool is under active development. To get involved you can watch the repo, file issues, create pull requests, or ask a question on dev-addons. Read the contributing section for how to develop new features.
This is a great question and one that we will ask ourselves for each new web-ext feature. Most web extension functionality is baked into the browsers themselves but a complimentary command line tool will still be helpful. Here is a partial list of examples:
First, note that jpm is still actively maintained by Mozilla right now. We decided not to patch jpm for web extension support (See jpm issue 445, discussion). Here's why.
Mozilla built cfx then deprecated it for jpm and now we're proposing a new tool. I know this is frustrating for developers but web extensions mark a major turning point. It would be an arduous task to wedge its feature set and simplified development process into jpm.
Pros of creating a new tool:
Cons of creating a new tool:
FAQs
Unknown package
The npm package web-ext receives a total of 32,815 weekly downloads. As such, web-ext popularity was classified as popular.
We found that web-ext demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.