Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/fogfish/gurl/v2
Combinator library for network I/O
The library implements a pure functional style to express communication behavior by hiding the networking complexity using combinators. This construction decorates http i/o pipeline(s) with "programmable commas", allowing to make http requests with few interesting properties such as composition and laziness.
User Guide | Playground | Examples | API Specification
Microservices have become a design style to evolve system architecture in parallel, implement stable and consistent interfaces. An expressive language is required to design the variety of network communication use-cases. Pure functional languages fit very well to express intent of communication behavior. These languages give rich abstractions to hide the networking complexity and help us to compose a chain of network operations and represent them as pure computation, building new things from small reusable elements. This library is implemented after Erlang's m_http
The library attempts to adapt a human-friendly logging syntax of HTTP I/O used by curl and Behavior as a Code paradigm, which connects cause-and-effect (Given/When/Then) with the networking (Input/Process/Output).
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.54.0
> Accept: application/json
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=UTF-8
< Server: ECS (phd/FD58)
< ...
Given semantic provides an intuitive approach to specify HTTP requests and expected responses. Adoption of this syntax as Go native code provides a rich capabilities for network programming.
Standard Golang packages implement a low-level HTTP interface, which requires knowledge about the protocol itself, understanding of Golang implementation aspects, and a bit of boilerplate coding. It also misses standardized chaining (composition) of individual requests. ᵍ🆄🆁🅻 inherits an ability of pure functional languages to express communication behavior by hiding the networking complexity using combinators. Combinators make a chain of network operations as a pure computation.
The library requires Go 1.18 or later
The latest version of the library is available at its main
branch. All development, including new features and bug fixes, take place on the main
branch using forking and pull requests as described in contribution guidelines. The stable version is available via Golang modules.
Use go get
to retrieve the library and add it as dependency to your application.
go get -u github.com/fogfish/gurl
The following code snippet demonstrates a typical usage scenario. See runnable http request example.
import (
"context"
"github.com/fogfish/gurl/v2/http"
ø "github.com/fogfish/gurl/v2/http/send"
ƒ "github.com/fogfish/gurl/v2/http/recv"
)
// Declare the type, used for networking I/O.
type Payload struct {
Origin string `json:"origin"`
Url string `json:"url"`
}
// Define the variable holds results of network I/O
var data Payload
// Declare HTTP I/O specification
lazy := http.GET(
// specify HTTP request
ø.GET.URL("http://httpbin.org/get"),
ø.Accept.JSON,
// assert HTTP response and "recv" JSON to the variable
ƒ.Status.OK,
ƒ.ContentType.JSON,
ƒ.Recv(&data),
)
// instance of HTTP stack
stack := http.New()
// evaluate HTTP I/O specification
err := stack.IO(context.Background(), lazy)
The library supplies extensions
The library is MIT licensed and accepts contributions via GitHub pull requests:
git checkout -b my-new-feature
)git commit -am 'Added some feature'
)git push origin my-new-feature
)The build and testing process requires Go version 1.18 or later.
Build and test the library in your development console.
git clone https://github.com/fogfish/gurl
cd gurl
go test ./...
The commit message helps us to write a good release note, speed-up review process. The message should address two questions what changed and why. The project follows the template defined by chapter Contributing to a Project of Git book.
Short (50 chars or less) summary of changes
More detailed explanatory text, if necessary. Wrap it to about 72 characters or so. In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together.
Further paragraphs come after blank lines.
Bullet points are okay, too
Typically a hyphen or asterisk is used for the bullet, preceded by a single space, with blank lines in between, but conventions vary here
If you experience any issues with the library, please let us know via GitHub issues. We appreciate detailed and accurate reports that help us to identity and replicate the issue.
Specify the configuration of your environment. Include which operating system you use and the versions of runtime environments.
Attach logs, screenshots and exceptions, if possible.
Reveal the steps you took to reproduce the problem, include code snippet or links to your project.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.