Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
Zip2State
Zip2State is a function that uses an optimized zip code library to automatically & reliably derive a US state from a zip code, all for under 3k.
Demo: https://meandmybadself.github.io/zip2state/
Why?
If we can reliably determine a user's state from their zip code, why have them enter both?
Current client-side solutions involve:
- Loading all zipcodes & city/states (big file size)
- Interacting with an API (not great for client-only solutions)
How?
Reduce entire ranges of a state's zipcodes (eg 94000-94999) into their base root (94) where possible.
Assumptions
Zip codes don't move between states(See Update)- New zip codes are added using existing numeric prefixes
Update
A zip code can be shared across states. (Reference link)
Installation
npm i zip2state
NPM Scripts
| Script | Description |
|---|---|
dev | Starts up local development process |
build | Builds component |
parse | Parses zip code CSV into zip-state.txt |
Usage
Function accepts a string (could be a partial zipcode). Returns a two-letter US state code or '' if no state was found.
import zip2state from 'zip2state'
const partialZip = zip2state('94')
console.log(partialZip) // 'CA'
const fullZip = zip2state('44446')
console.log(fullZip) // 'OH'
const fakeState = zip2state('00000')
console.log(fakeState) // ''
Data Attribution
Uses Coven, D. S., (2012). Free Zipcode Database: Unique Zipcode [data file]. Retrieved from http://federalgovernmentzipcodes.us
FAQs
Automatically & reliably derive US states from postal zip codes (<5k).
The npm package zip2state receives a total of 1 weekly downloads. As such, zip2state popularity was classified as not popular.
We found that zip2state demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Apr 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025