
You made changes in the code to debug something and cannot understand what's wrong. Hell, you're debugging on production! Has this happened to you? To me, several times. This library offers one way to solve the problem.
Almost everyone will understand from one picture:
This means that the first tab is the development environment, the second is stage, and the third is production (we don't need to change that favicon).
It uses Tinycon - A small library for manipulating the favicon.
And one more option:
The icon will be gray in non-production environments.
Add this line to your application's Gemfile:
gem 'rails-env-favicon'
And then execute:
$ bundle
Setup:
# adds initializer
rails g rails_env_favicon:install
In your JavaScript manifest (e.g. application.js):
//= require rails_env_favicon
In config/initializers/rails_env_favicon.rb:
RailsEnvFavicon.setup do |config|
  # If true, the favicon will be gray in non-production environments
  config.make_grayscale = false
  # If make_grayscale is false, a badge is drawn on the favicon with these options:
  config.text_color = '#ffffff'
  config.background_color = '#549a2f'
end
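You can also configure the condition for changing the favicon and the badge label: just override the RailsEnvFavicon module methods. For example:
module RailsEnvFavicon
  # Badge text: 'T' when the TEATRO variable is set, otherwise the first letter of the environment name
  def self.badge_label
    ENV['TEATRO'].present? ? 'T' : ::Rails.env.first.upcase
  end

  # Change the favicon everywhere except production, unless TEATRO is set
  def self.applicable?
    !::Rails.env.production? || ENV['TEATRO'].present?
  end
end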
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
FAQs
We found that rails-env-favicon demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.