![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
workbox-core
Advanced tools
Package description
The workbox-core package is a part of the Workbox suite of libraries and tools for service workers. It provides essential utilities and base classes that are used by other Workbox modules. It helps in managing service worker lifecycle, caching strategies, and request routing.
Service Worker Lifecycle Management
This feature helps in managing the lifecycle of service workers. The `clientsClaim` method ensures that the service worker starts controlling all open clients as soon as it activates.
import { clientsClaim } from 'workbox-core';
self.addEventListener('activate', (event) => {
event.waitUntil(clientsClaim());
});
Precaching
Although this feature is part of workbox-precaching, it relies on workbox-core for some of its functionality. It allows you to precache assets during the service worker installation phase.
import { precacheAndRoute } from 'workbox-precaching';
precacheAndRoute(self.__WB_MANIFEST);
Routing
This feature allows you to define custom routing rules for network requests. In this example, it uses the Stale-While-Revalidate strategy for caching images.
import { registerRoute } from 'workbox-routing';
import { StaleWhileRevalidate } from 'workbox-strategies';
registerRoute(
({request}) => request.destination === 'image',
new StaleWhileRevalidate({
cacheName: 'images',
})
);
sw-toolbox is a collection of tools for service workers, similar to Workbox. It provides caching strategies and request routing. However, Workbox is more modular and offers a more comprehensive set of features.
sw-precache is a library for generating service worker code that precaches resources. It is similar to Workbox's precaching capabilities but is less flexible and lacks the modularity of Workbox.
This plugin integrates service workers into the Webpack build process. While it offers some similar functionalities like precaching, it is not as feature-rich or modular as Workbox.
Readme
This module's documentation can be found at https://developers.google.com/web/tools/workbox/modules/workbox-core
FAQs
Unknown package
We found that workbox-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.