
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
github.com/ggicci/httpin
httpin helps you easily decode data from an HTTP request, including:

- Query parameters, e.g. `?name=john&is_member=true`
- Headers, e.g. `Authorization: xxx`
- Form data, e.g. `username=john&password=******`
- JSON/XML body, e.g. `POST {"name":"john"}`
- URL path variables, e.g. `/users/{username}`
You only need to define a struct to receive/bind data from an HTTP request, without writing any parsing code yourself.

Since v0.15.0, httpin also supports creating an HTTP request (`http.Request`) from a Go struct instance.
httpin is:
With httpin:
```go
package main

import (
	"net/http"
	"os"

	"github.com/ggicci/httpin"
)

// ListUsersInput declares where each field comes from; httpin does the parsing.
type ListUsersInput struct {
	// Read from either ?access_token=... or the x-access-token header.
	// Tokens passed in the query string end up in access logs and browser
	// history, so the header form is the safer one to rely on.
	Token    string  `in:"query=access_token;header=x-access-token"`
	Page     int     `in:"query=page;default=1"`
	PerPage  int     `in:"query=per_page;default=20"`
	IsMember bool    `in:"query=is_member"`
	Search   *string `in:"query=search;omitempty"`
}

// ListUsers must be mounted behind the httpin.NewInput(ListUsersInput{})
// middleware, which decodes the request and stores the result in the context.
func ListUsers(rw http.ResponseWriter, r *http.Request) {
	input := r.Context().Value(httpin.Input).(*ListUsersInput)
	if input.IsMember {
		// Do sth.
	}
	// Do sth.
}

// SDKListUsers shows the reverse direction: encode the same struct into a request.
func SDKListUsers() {
	payload := &ListUsersInput{
		Token:    os.Getenv("MY_APP_ACCESS_TOKEN"),
		Page:     2,
		IsMember: true,
	}
	// Easy to remember, http.NewRequest -> httpin.NewRequest
	req, err := httpin.NewRequest("GET", "/users", payload)
	if err != nil {
		return
	}
	_ = req // send it with an http.Client
	// ...
}
```
With the net/http package:

```go
package main

import (
	"net/http"
	"strconv"
)

func ListUsers(rw http.ResponseWriter, r *http.Request) {
	page, err := strconv.ParseInt(r.FormValue("page"), 10, 64)
	if err != nil {
		// Invalid parameter: page.
		return
	}
	perPage, err := strconv.ParseInt(r.FormValue("per_page"), 10, 64)
	if err != nil {
		// Invalid parameter: per_page.
		return
	}
	isMember, err := strconv.ParseBool(r.FormValue("is_member"))
	if err != nil {
		// Invalid parameter: is_member.
		return
	}
	// Do sth. (A missing parameter is an empty string, which fails to parse
	// above, so defaults would also have to be handled by hand.)
	_, _, _ = page, perPage, isMember
}
```
| Benefits | Before (net/http package) | After (ggicci/httpin package) |
|---|---|---|
| ⌛️ Developer time | 😫 Expensive (too much parsing code) | 🚀 Faster (define the struct for the input data and leave the parsing to httpin) |
| ♻️ Code repetition | 😞 High | 😍 Lower |
| 📖 Code readability | 😟 Poor | 🤩 Highly readable |
| 🔨 Maintainability | 😡 Poor | 🥰 Highly maintainable |
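As an added example (not part of the httpin README and not the httpin library's own code), here is what a hand-written net/http decoder has to do to match the semantics the struct tags above declare: a default for each missing value, a nil pointer for an omitted optional field, the token from either location, a strict bool parse, plus the range checks a production handler needs on top. It uses only the standard library; the header-over-query precedence for the token, the `maxPerPage` limit, the "missing token" error and the 400 response are this example's choices, not httpin's documented behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strconv"
)

// ListUsersInput mirrors the struct from the httpin example above,
// without the tags: the decoding rules live in ParseListUsersInput instead.
type ListUsersInput struct {
	Token    string
	Page     int
	PerPage  int
	IsMember bool
	Search   *string
}

// maxPerPage is a limit chosen for this example so a client cannot ask
// for an unbounded result set.
const maxPerPage = 100

// intParam reads a query parameter as an int, substituting def when the
// parameter is absent or empty (the hand-written equivalent of `default=`).
func intParam(r *http.Request, name string, def int) (int, error) {
	raw := r.URL.Query().Get(name)
	if raw == "" {
		return def, nil
	}
	v, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("invalid parameter %q: %w", name, err)
	}
	return v, nil
}

// ParseListUsersInput decodes and validates the request by hand. Unlike the
// minimal net/http snippet above it applies defaults for missing values,
// rejects out-of-range values, and prefers the header over the query string
// for the token.
func ParseListUsersInput(r *http.Request) (*ListUsersInput, error) {
	in := &ListUsersInput{}
	q := r.URL.Query()

	// Token: the header is checked first because query strings end up in
	// access logs, browser history and Referer headers (precedence is this
	// example's choice, not httpin's).
	in.Token = r.Header.Get("X-Access-Token")
	if in.Token == "" {
		in.Token = q.Get("access_token")
	}
	if in.Token == "" {
		return nil, errors.New("missing access token")
	}

	var err error
	if in.Page, err = intParam(r, "page", 1); err != nil {
		return nil, err
	}
	if in.Page < 1 {
		return nil, errors.New("invalid parameter \"page\": must be >= 1")
	}
	if in.PerPage, err = intParam(r, "per_page", 20); err != nil {
		return nil, err
	}
	if in.PerPage < 1 || in.PerPage > maxPerPage {
		return nil, fmt.Errorf("invalid parameter \"per_page\": must be 1..%d", maxPerPage)
	}

	// Bool: absent means false; anything present must parse strictly.
	if raw := q.Get("is_member"); raw != "" {
		if in.IsMember, err = strconv.ParseBool(raw); err != nil {
			return nil, fmt.Errorf("invalid parameter \"is_member\": %w", err)
		}
	}

	// Optional string: nil when absent or empty (the *string / omitempty pattern).
	if raw, ok := q["search"]; ok && len(raw) > 0 && raw[0] != "" {
		s := raw[0]
		in.Search = &s
	}
	return in, nil
}

// ListUsers turns every decode failure into a 400 so malformed input never
// reaches the business logic or surfaces as a 500.
func ListUsers(rw http.ResponseWriter, r *http.Request) {
	in, err := ParseListUsersInput(r)
	if err != nil {
		http.Error(rw, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprintf(rw, "page=%d per_page=%d is_member=%t\n", in.Page, in.PerPage, in.IsMember)
}

func main() {
	http.HandleFunc("/users", ListUsers)
	// http.ListenAndServe(":8080", nil) // uncomment to serve on a port
}
```

Every rule the struct tags express in one line each (`default=1`, `omitempty`, two sources for `Token`) costs several lines here, which is the repetition the table above is about; the range checks and the 400 response are needed in either style, since httpin's tags describe where a value comes from, not whether it is acceptable.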