![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
zapier-platform-core
Advanced tools
Readme
This is the code that powers our Zapier Platform CLI. You'll want to head to that repo to see how it's used.
npm install
for getting startednpm test
for running unit testsnpm run local-integration-test
for running integration tests locallynpm run build-boilerplate -- --debug
for building a build-boilerplate/*.zip
(if you want to test buildless locally)Make sure your AWS access key have permission to update and run Lambda functions, and then you can use these commands to run tests on AWS Lambda:
npm run deploy-integration-test
builds and deploys a zip to a function named integration-test-cli
on Lambdanpm run lambda-integration-test
runs the integration test using the live Lambda function integration-test-cli
npm version [patch|minor|major]
will pull, test, update schema version in dependencies for this package, update docs, increment version in package.json, and push tags, which then will tell Travis to publish to npmFAQs
Unknown package
We found that zapier-platform-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.