![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
xmlhttprequest-ssl
Advanced tools
Package description
The xmlhttprequest-ssl package is a Node.js module that provides an implementation of the XMLHttpRequest object, which is primarily used in web browsers for making HTTP requests. This package is designed to work with SSL (Secure Sockets Layer) for secure data transmission and is particularly useful for server-side applications that need to make HTTP requests in a way that's similar to client-side JavaScript code.
Making GET Requests
This feature allows you to make GET requests to retrieve data from a specified URL. The code sample demonstrates how to initiate a GET request, handle the response, and print the result or error.
const XMLHttpRequest = require('xmlhttprequest-ssl').XMLHttpRequest;
const xhr = new XMLHttpRequest();
xhr.open('GET', 'https://api.example.com/data', true);
xhr.onload = function () {
if (xhr.status >= 200 && xhr.status < 300) {
console.log('Response:', xhr.responseText);
} else {
console.error('Request failed');
}
};
xhr.send();
Sending POST Requests
This feature enables sending POST requests to submit data to a server. The code sample shows how to set up a POST request, including setting the request header and sending data in JSON format.
const XMLHttpRequest = require('xmlhttprequest-ssl').XMLHttpRequest;
const xhr = new XMLHttpRequest();
xhr.open('POST', 'https://api.example.com/submit', true);
xhr.setRequestHeader('Content-Type', 'application/json;charset=UTF-8');
xhr.onload = function () {
if (xhr.status >= 200 && xhr.status < 300) {
console.log('Success:', xhr.responseText);
} else {
console.error('Request failed');
}
};
xhr.send(JSON.stringify({ key: 'value' }));
Axios is a popular HTTP client for the browser and Node.js. It provides a promise-based API and is capable of making XMLHttpRequests from the browser and http requests from Node.js. Compared to xmlhttprequest-ssl, Axios offers a more modern API, automatic JSON data transformation, and request and response interception.
node-fetch is a lightweight module that brings the Fetch API to Node.js. It aims to provide a consistent API with the browser's Fetch API, making it easy for developers to write isomorphic code that works on both the client and server. Unlike xmlhttprequest-ssl, node-fetch uses Promises, which can simplify asynchronous code.
Got is a human-friendly and powerful HTTP request library for Node.js. It supports redirections, retries, streams, and more. Got is designed to be a simpler and more usable alternative to Node's native http module, and it offers more advanced features compared to xmlhttprequest-ssl, such as built-in JSON parsing and improved error handling.
Readme
Fork of node-XMLHttpRequest by driverdan. Forked and published to npm because a pull request is not being created and merged. Changes made by rase- are needed for engine.io-client.
Here's how to include the module in your project and use as the browser-based XHR object.
var XMLHttpRequest = require("xmlhttprequest-ssl").XMLHttpRequest;
var xhr = new XMLHttpRequest();
Note: use the lowercase string "xmlhttprequest-ssl" in your require(). On case-sensitive systems (eg Linux) using uppercase letters won't work.
Here's how to include the module in your project and use as the browser-based XHR object.
var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
var xhr = new XMLHttpRequest();
Note: use the lowercase string "xmlhttprequest" in your require(). On case-sensitive systems (eg Linux) using uppercase letters won't work.
Prior to 1.4.0 version numbers were arbitrary. From 1.4.0 on they conform to the standard major.minor.bugfix. 1.x shouldn't necessarily be considered stable just because it's above 0.x.
Since the XMLHttpRequest API is stable this library's API is stable as well. Major version numbers indicate significant core code changes. Minor versions indicate minor core code changes or better conformity to the W3C spec.
MIT license. See LICENSE for full details.
For a list of open issues or to report your own visit the github issues page.
FAQs
Unknown package
We found that xmlhttprequest-ssl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.