Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
vin-validator
= Vin-Validator
Gem for gathering info on VINs, optionally using link:https://vpic.nhtsa.dot.gov/api/[NHTSA's API]
== Installation
Add this line to your application's Gemfile:
[source,ruby]
gem 'vin-validator'
And then execute:
$ bundle install
Or install it yourself as:
$ gem install vin-validator
== Usage
=== vin_info
[source,ruby]
just_a_vin = 'AA5325L1588827' other_vins = %w[13N153201K1533942 1E9AA5325L1588827 1RND48A27GR039983 1RND53A33KR049282]
VinValidator::Knowledge.vin_info(just_a_vin).fetch(just_a_vin)
VinValidator::Knowledge.vin_info(just_a_vin, true).fetch(just_a_vin)
VinValidator::Knowledge.vin_info(other_vins)
VinValidator::Knowledge.vin_info(other_vins, true)
Every call to VinValidator::Knowledge::vin_info will return a hash.
Each key in the result is one of the VINs provided, and each value is another hash.
Value hash:
|=== |Key |Value
|:errors
|Array<VinValidator::Result>
|:nhtsa_errors
|Array<VinValidator::Result>
|:vin
|VinValidator::Result
|:make
|Array<VinValidator::Result>
|:manufacturer
|VinValidator::Result
|:model
|VinValidator::Result
|:year
|VinValidator::Result
|:body_type
|VinValidator::Result
|:trailer_type
|VinValidator::Result
|:vehicle_type
|VinValidator::Result
|:gvw
|VinValidator::Result
|:suggested_vin
|VinValidator::Result
|===
VinValidator::Result has 3 attributes: vin, type, and value.
vin- The vin the result belongs totype- The type of result (error,make,year, etc)value- The value of the result
=== validate
[source,ruby]
just_a_vin = 'AA5325L1588827' other_vins = %w[13N153201K1533942 1E9AA5325L1588827 1RND48A27GR039983 1RND53A33KR049282]
VinValidator::Knowledge.validate(just_a_vin).fetch(just_a_vin)
VinValidator::Knowledge.validate(just_a_vin, true).fetch(just_a_vin)
VinValidator::Knowledge.validate(other_vins)
VinValidator::Knowledge.validate(other_vins, true)
Every call to VinValidator::Knowledge::vin_info will return a hash.
Each key in the result is one of the VINs provided, and each value is another hash.
Value hash:
|=== |Key |Value |Description
|:valid
|Boolean
|false if there are errors or year/wmi is blank
|:year
|Hash, Nil
|:letter(String) and :year(Integer)
|:wmi
|Array<VinValidator::Result>
|Possible makes the VIN can have
|:infos
|Array<String>
|The info messages
|:errors
|Array<String>
|The error messages
|===
VinValidator::Result has 3 attributes: vin, type, and value.
vin- The vin the result belongs totype- The type of result (error,make,year, etc)value- The value of the result
== Changelog
See xref:./CHANGELOG.adoc[CHANGELOG] see changes
FAQs
Unknown package
We found that vin-validator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 04 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025