
Active Admin is a Ruby on Rails framework for creating elegant backends for website administration.
Active Admin for enterprise is available via the Tidelift subscription. Learn More.
If you want to contribute through code or documentation, the Contributing guide is the best place to start. If you have questions, feel free to ask.
If you want to support us financially, you can help fund the project through a Tidelift subscription. By buying a Tidelift subscription you make sure your whole dependency stack is properly maintained, while also getting a comprehensive view of outdated dependencies, new releases, security alerts, and licensing compatibility issues.
You can also support us with a weekly tip via Liberapay.
Finally, we have an Open Collective where you can become a backer or sponsor for the project, and also submit expenses to it.
We try not to reinvent the wheel, so Active Admin is built with other open source projects:
Please use the Tidelift security contact to report a security vulnerability. Tidelift will coordinate the fix and disclosure.
Thanks to Greg Bell for creating and sharing this project with the open source community.
Thanks to all the people that ever contributed through code or other means such as bug reports, issue triaging, feature suggestions, code snippet tips, Slack discussions and so on.
Thanks to Tidelift and all our Tidelift subscribers.
Thanks to Open Collective and all our Open Collective contributors.
FAQs
We found that activeadmin demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.