Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/grpc-ecosystem/go-grpc-mIDdleware
gRPC Go Middleware: interceptors, helpers, utilities.
Version v2 is about to be released, with migration guide, which will replace v1. Try v2 and give us feedback!
Version v1 is currently in deprecation mode, which means only critical and safety bug fixes will be merged.
gRPC Go recently acquired support for Interceptors, i.e. middleware that is executed either on the gRPC Server before the request is passed onto the user's application logic, or on the gRPC client around the user call. It is a perfect way to implement common patterns: auth, logging, message, validation, retries, or monitoring.
These are generic building blocks that make it easy to build multiple microservices easily. The purpose of this repository is to act as a go-to point for such reusable functionality. It contains some of them itself, but also will link to useful external repos.
grpc_middleware
itself provides support for chaining interceptors, here's an example:
import "github.com/grpc-ecosystem/go-grpc-middleware"
myServer := grpc.NewServer(
grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
grpc_ctxtags.StreamServerInterceptor(),
grpc_opentracing.StreamServerInterceptor(),
grpc_prometheus.StreamServerInterceptor,
grpc_zap.StreamServerInterceptor(zapLogger),
grpc_auth.StreamServerInterceptor(myAuthFunction),
grpc_recovery.StreamServerInterceptor(),
)),
grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
grpc_ctxtags.UnaryServerInterceptor(),
grpc_opentracing.UnaryServerInterceptor(),
grpc_prometheus.UnaryServerInterceptor,
grpc_zap.UnaryServerInterceptor(zapLogger),
grpc_auth.UnaryServerInterceptor(myAuthFunction),
grpc_recovery.UnaryServerInterceptor(),
)),
)
Please send a PR to add new interceptors or middleware to this list
grpc_auth
- a customizable (via AuthFunc
) piece of auth middlewaregrpc_ctxtags
- a library that adds a Tag
map to context, with data populated from request bodygrpc_zap
- integration of zap logging library into gRPC handlers.grpc_logrus
- integration of logrus logging library into gRPC handlers.grpc_kit
- integration of go-kit/log logging library into gRPC handlers.grpc_grpc_logsettable
- a wrapper around grpclog.LoggerV2
that allows to replace loggers in runtime (thread-safe).grpc_prometheus
⚡ - Prometheus client-side and server-side monitoring middlewareotgrpc
⚡ - OpenTracing client-side and server-side interceptorsgrpc_opentracing
- OpenTracing client-side and server-side interceptors with support for streaming and handler-returned tagsotelgrpc
- OpenTelemetry client-side and server-side interceptorsgrpc_retry
- a generic gRPC response code retry mechanism, client-side middlewaregrpc_validator
- codegen inbound message validation from .proto
optionsgrpc_recovery
- turn panics into gRPC errorsratelimit
- grpc rate limiting by your own limitergo-grpc-middleware
is released under the Apache 2.0 license. See the LICENSE file for details.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.