Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
shoplex
Shoplex
Shoplex takes Shopware online shop order and invoice data and converts it in a format that Lexware can read to model open positions.
It superseedes the magelex (version online is outdated), since the change from Monstergento to Shopliftware.
It supports the management of cash flow in Lexware.
The solution is specific for one customers needs. If you need a similar (or better) solution, contact us!
It is hacked in pretty vanilla (and as of writing, recent) Ruby 3.2.1+ and comes with a sinatra (old school, single fileish) web interface.
Installation
Install it yourself as:
$ gem install shoplex
Instructions to run the web-ui are below.
Assumptions
Customer accounts are hard coded.
Usage
$ none yet
Documentation of process
Open questions and/or answers
How to deal with credits/Gutschriften
We don't know yet
Does EU-ity depend on shipping or billing address
We don't know yet
Some invoices have 0 amount and/or a gutschrift - where do they come from?
We don't know yet
Where is the tax of the shipping costs?
The invoiceAmount is inclusive the invoiceShipping. Taxes of the shipping is not included in the individual tax columns but calculated via percentage (anteilsmäßig).
Which invoices or orders to take into account?
Take all invoices (irrespective of orderStatus and paymentStatus)
Does Lexware needs gross or net numbers?
Lexware takes gross numbers
Do we need to book the discount?
No.
Other
To experiment with that code, run bin/console for an interactive prompt.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/raw-living-germany/shoplex. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
License
The included pico css file is MIT licensed. Rest is AGPLv3+, Copyright 2023 Felix wolfsteller.
Code of Conduct
Everyone interacting in the Shoplex project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.
Web-UI for Shoplex
(single file sinatra app)
Start and usage instructions
bundle exec exe/shoplex-web
Development
Execute
bundle exec rerun --pattern "**/*" --ignore="test/*" exe/shoplex-web
for automatic server reloads in development.
Deployment
As a service you can take the template in [webui/shoplex.service], link it (e.g.
ln -s /home/rawbotz/shoplex/webui/shoplex.service /etc/systemd/system/shoplex.service) and
start it (service shoplex restart)
FAQs
Unknown package
We found that shoplex demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Mar 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025