Search Results for "malicious"

npq is a security-focused package manager that analyzes npm dependencies for potential vulnerabilities before installation. It helps developers ensure the safety of their projects by checking for malicious or outdated packages.

Puppeteer is a headless Node library that provides a high level API for controlling Chromium or Chrome over the DevTools protocol. It requires zero setup and comes bundled with the Chromium version most suited to it. Puppeteer is headless by default, making it fast to run. However, it can also be set to run full or non-headless Chrome or Chromium, simply set the headless option when launching a browser. Many of the things you can do manually in the browser, you can also do with Puppeteer...

lockfile-lint is a security tool that helps validate npm and Yarn lockfiles to prevent malicious dependency injections. It checks for common security issues such as package integrity violations and unauthorized registry usage.

...Each type of parsing accepts a callback to generate an image source or an options object with parsing info. The second kind of parsing is string parsing. This is unrecommended because this method does not sanitize the string or otherwise prevent malicious code from being executed; such sanitization is out of scope.

...CSRF protection is an important security feature, but in systems which don't have backend session persistence, validation is tricky. Stateless CSRF support addresses this need. CSRF attacks can be bad when a malicious script can make a request that can perform harmful operations through the user (victim)'s browser, attaching user-specific and sensitive data in the cookies. For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. Since XSS cannot set HTTP headers also, it strengthens the security further.