Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Gethash is a command-line hash utility.
Install from PyPI:
$ pip install gethash
or if you need legacy hash algorithms:
$ pip install "gethash[all]"
After installation, 10 commands are available:
Show command-line usage:
$ gethash --help
Usage: gethash [OPTIONS] COMMAND [ARGS]...
Generate or check various hash values.
Options:
-V, --version Show the version and exit.
-h, --help Show this message and exit.
Commands:
blake2b Generate or check BLAKE2b.
blake2s Generate or check BLAKE2s.
crc32 Generate or check CRC32.
md2 Generate or check MD2.
md4 Generate or check MD4.
md5 Generate or check MD5.
md5-sha1 Generate or check MD5-SHA1.
mdc2 Generate or check MDC2.
ripemd160 Generate or check RIPEMD160.
sha1 Generate or check SHA1.
sha3-224 Generate or check SHA3-224.
sha3-256 Generate or check SHA3-256.
sha3-384 Generate or check SHA3-384.
sha3-512 Generate or check SHA3-512.
sha224 Generate or check SHA224.
sha256 Generate or check SHA256.
sha384 Generate or check SHA384.
sha512 Generate or check SHA512.
sha512-224 Generate or check SHA512-224.
sha512-256 Generate or check SHA512-256.
sm3 Generate or check SM3.
whirlpool Generate or check WHIRLPOOL.
$ ls -l
total 296
-rw-r--r-- 1 User 197610 68074 Jun 27 10:43 001.zip
-rw-r--r-- 1 User 197610 126717 Jun 27 10:43 002.zip
-rw-r--r-- 1 User 197610 103064 Jun 27 10:44 003.zip
$ sha1 -s *.zip
7701133eb84b567362fbf1b9e3883d7620ee8ada *001.zip
0d6c6cb6908064139f419c1b528f99142a1f2a49 *002.zip
10e2c0d8aa85add2ba495393f7f7f0b0baaf34a6 *003.zip
$ ls -l
total 299
-rw-r--r-- 1 User 197610 68074 Jun 27 10:43 001.zip
-rw-r--r-- 1 User 197610 51 Jun 27 10:44 001.zip.sha1
-rw-r--r-- 1 User 197610 126717 Jun 27 10:43 002.zip
-rw-r--r-- 1 User 197610 51 Jun 27 10:44 002.zip.sha1
-rw-r--r-- 1 User 197610 103064 Jun 27 10:44 003.zip
-rw-r--r-- 1 User 197610 51 Jun 27 10:44 003.zip.sha1
$ cat *.sha1
7701133eb84b567362fbf1b9e3883d7620ee8ada *001.zip
0d6c6cb6908064139f419c1b528f99142a1f2a49 *002.zip
10e2c0d8aa85add2ba495393f7f7f0b0baaf34a6 *003.zip
$ sha1 -c *.sha1
[SUCCESS] 001.zip
[SUCCESS] 002.zip
[SUCCESS] 003.zip
FAQs
Command-line hash utility
We found that gethash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.