Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
GHSA-pjwm-rvh2-c87w Alternatives
Similar projects and alternatives to GHSA-pjwm-rvh2-c87w
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
ua-parser-js
UAParser.js - Free & open-source JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).
-
is-even
Discontinued I created this in 2014, when I was learning how to program. (by i-voted-for-trump)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
is-odd
Discontinued I created this in 2014, the year I learned how to program. All of the downloads are from an old version of https://github.com/micromatch/micromatch. I've done a few other things since: https://github.com/jonschlinkert. (by i-voted-for-trump)
-
enquirer
Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert
-
Dapper
Discontinued Dapper - a simple object mapper for .Net [Moved to: https://github.com/DapperLib/Dapper] (by StackExchange)
-
is-number
JavaScript/Node.js utility. Returns `true` if the value is a number or string number. Useful for checking regex match results, user input, parsed strings, etc.
-
micromatch
Highly optimized wildcard and glob matching library. Faster, drop-in replacement to minimatch and multimatch. Used by square, webpack, babel core, yarn, jest, ract-native, taro, bulma, browser-sync, stylelint, nyc, ava, and many others! Follow micromatch's author: https://github.com/jonschlinkert
-
Fluent Assertions
A very extensive set of extension methods that allow you to more naturally specify the expected outcome of a TDD or BDD-style unit tests. Targets .NET Framework 4.7, as well as .NET Core 2.1, .NET Core 3.0, .NET 6, .NET Standard 2.0 and 2.1. Supports the unit test frameworks MSTest2, NUnit3, XUnit2, MSpec, and NSpec3.
-
handlebars-helpers
188 handlebars helpers in ~20 categories. Can be used with Assemble, Ghost, YUI, express.js etc.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
GHSA-pjwm-rvh2-c87w reviews and mentions
-
Attack Simulator for SolarWinds, Codecov, and ua-parser-js breaches
The SUNSPOT malware, Codecov breach, and lot of compromised open-source packages (like was the case with ua-parser-js) target the CI/ CD pipeline to modify release build or exfiltrate credentials.
- Embedded malware in ua-parser-js - critical severity
- Embedded malware in ua-parser-JS (NPM package)
-
PSA: Tor.com was hacked and is currently spreading malware
I think you are misunderstanding the attack vector in the article you linked. This isn't the same thing we were discussing, please see https://github.com/advisories/GHSA-pjwm-rvh2-c87w. This was not a compromise designed to go after the visitors of the website so far as I can tell (and even if it were, it couldn't do much except possibly steal a password if you entered it on a compromised site or steal cookie data). This was designed to target people who were using the library in their software, aka, it was targeting the build-chain of the developers, and many devs and companies as a result had computers compromised when the updated their versions, which caused the compromised version to download to their computers.
- Supply-chain attack on NPM Package UAParser, which has millions of daily downloads
- The npm package ua-parser-js had three versions (0.7.29, 0.8.0, 1.0.0) published with malicious code.
- Embedded crypto miner in ua-parser-JS
-
BREAKING!! NPM package ‘ua-parser-js’ with more than 7M weekly download is compromised
Github has published an advisory for the package https://github.com/advisories/GHSA-pjwm-rvh2-c87w
-
A note from our sponsor - InfluxDB
www.influxdata.com | 19 Apr 2024
Stats
Popular Comparisons
- GHSA-pjwm-rvh2-c87w VS npm-force-resolutions
- GHSA-pjwm-rvh2-c87w VS micromatch
- GHSA-pjwm-rvh2-c87w VS is-mobile
- GHSA-pjwm-rvh2-c87w VS is-number
- GHSA-pjwm-rvh2-c87w VS Dapper
- GHSA-pjwm-rvh2-c87w VS NUnit
- GHSA-pjwm-rvh2-c87w VS ua-parser-js
- GHSA-pjwm-rvh2-c87w VS crater
- GHSA-pjwm-rvh2-c87w VS deno-puppeteer
- GHSA-pjwm-rvh2-c87w VS open-source-at-scale