github.com/FrauElster/GopenApiToGraphQL
This project transforms OpenAPI schemas to GraphQL schemas.
I was originally using IBM's openapi-to-graphql, and advise everyone to use it. It is battle-tested (according to the GitHub stars) and has probably way more edge cases covered.
I am currently developing an OpenAPI to GraphQL proxy. This project uses 3 awesome tools under the hood
Numbers 1 and 3 are Go projects; number 2 is a Node project. Therein lies the first reason why I decided to write an alternative.
A Node project means so much more stuff, e.g. package.json, package.lock, node_modules, npm has to be installed,
npx installs everything every time, ...
Number 2, and the more severe thing: it uses a different validator than oapi-codegen.
I am pretty sure it uses [IBM's openapi-validator](https://github.com/IBM/openapi-validator), which is fairly strict, whereas oapi-codegen uses getkin's kin-openapi.
Now, I do have some publicly available OpenAPI services I want to use and generate GraphQL proxies for, and these servers' schemas
are sometimes not good enough to be parsed by openapi-to-graphql.
So I thought that if I would have to fork and modify openapi-to-graphql anyway, I could just as well write it in Go and get all the JS dependencies and tooling out of my project.
There are probably a lot of open issues right now. I will edit it as I go along, every time I find severe problems with it. I know that a lot can be done better; I have been working on this for about 10 hours and it is a rather quick and dirty approach at the moment.
Feel free to contribute and send me some PRs, if you want to.