Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
This Ruby gem uses the Yahoo Finance API to provide three valuable stock market functions for the user. First, it imports the users portfolio from a CSV
file, calculates each stocks earnings/losses of the day, adds them together and returns an accumulated balance of the users total earnings/losses for the day. Next, it gives the user the option to display generic stock information of any or all stocks in their portfolio. Lastly, it allows the user to lookup stock data of any stock(s) of their choosing.
You can install this gem via gem install stock-gains
. Before you run this app you'll need to set up a CSV
file containing all of the stocks in your portfolio so they can be imported into the app. Start by cloning the repository to your local computer. Then, on the top-level of the directory, create a file called portfolio.csv
and insert the stock ticker followed by the quantity of shares you hold for each stock in your portfolio. Be sure to input each stock on a new line and separate the two values by a comma (see the diagram below). Now run stock-gains
in the CLI to view your gains!
What makes Stock Gains useful is that not only does it compute what each individual stock in your portfolio has earned/lost for that day, it computes the total balance your portfolio has earned/lost for that day. These calculations are displayed for the user in the following table:
The user then has the option to view additional stock information regarding any stock in their portfolio. There are four possible entries:
all
to display stock data regarding all of the stocks in your portfolioe
to exit the programFinally, lookup any stock on the market by entering the stock ticker. To view multiple stocks, separate the stock tickers with a space.
After checking out the repo, run bundle exec bin/setup
to install dependencies.
The gem is available as open source under the terms of the MIT License.
FAQs
Unknown package
We found that stock-gains demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.