Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/ivanov-gv/color-picker-test-app
Backend of a simple app in which a user can save their favorite colors. It was written as an interview test task.
Go to https://color-app-hznvjhuleq-no.a.run.app/user/1/color to fetch someone's favorite colors.
The app is fully dockerized and ships with three Dockerfiles.
All Docker builds are multi-stage. The final image is built from scratch, which keeps it small (11.61 MB) and leaves no shell or package manager inside the container. Keep in mind that a scratch image also contains no CA certificates or timezone data, so anything the binary needs at runtime must be copied in from the build stage.
The app exposes a /healtz endpoint, used by Kubernetes as a liveness probe. Readiness and startup probes are not needed for this app, but they could be exposed the same way.
This makes the app ready to run in Kubernetes.
cmd/main.go also listens for OS termination signals and shuts the HTTP server down gracefully instead of dropping in-flight requests.
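The two pieces described above, a liveness endpoint and signal-driven graceful shutdown, as an added example. This is not the project's own cmd/main.go; the route name /healthz, the port and the timeouts are assumptions (the README spells the route /healtz), and the colour endpoints are left out.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net"
	"net/http"
	"os"
	"os/signal"
	"syscall"
	"time"
)

// newHandler builds the router. Only the liveness probe is wired here;
// the color endpoints of the real app are out of scope for this example.
func newHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		w.WriteHeader(http.StatusOK)
		_, _ = w.Write([]byte("ok"))
	})
	return mux
}

// serve runs the HTTP server on ln until ctx is cancelled, then gives
// in-flight requests up to shutdownTimeout to finish before returning.
// It returns nil on a clean shutdown and the listener error otherwise.
func serve(ctx context.Context, ln net.Listener, shutdownTimeout time.Duration) error {
	srv := &http.Server{
		Handler:           newHandler(),
		ReadHeaderTimeout: 5 * time.Second, // bounds slow-header (slowloris-style) connections
	}
	errCh := make(chan error, 1)
	go func() { errCh <- srv.Serve(ln) }()

	select {
	case err := <-errCh:
		return err // listener failed before a shutdown was requested
	case <-ctx.Done():
	}
	shutdownCtx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
	defer cancel()
	if err := srv.Shutdown(shutdownCtx); err != nil {
		return err
	}
	// Serve returns http.ErrServerClosed after a clean Shutdown; anything else is a real error.
	if err := <-errCh; !errors.Is(err, http.ErrServerClosed) {
		return err
	}
	return nil
}

func main() {
	// SIGTERM is what Kubernetes sends before killing a pod; SIGINT covers Ctrl-C locally.
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()

	ln, err := net.Listen("tcp", ":8080") // port is an assumption for the example
	if err != nil {
		log.Fatal(err)
	}
	log.Println("listening on", ln.Addr())
	if err := serve(ctx, ln, 10*time.Second); err != nil {
		log.Fatal(err)
	}
	log.Println("shut down cleanly")
}
```

The shutdown timeout should be shorter than the pod's terminationGracePeriodSeconds, otherwise Kubernetes will SIGKILL the container before Shutdown returns.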
The clean architecture pattern was used for development. It keeps the domain logic independent of the HTTP and storage layers, which makes the app easier to extend and to test.
POST /user - create a new user
POST /user/{id}/color - add a color to a user, with a JSON body such as:
    {
        "name": "my happy color",
        "HEX": "#000000"
    }
GET /user/{id}/color - get all the colors of the user
DELETE /user/{user_id}/color/{color_id}/ - delete a color
A user cannot add two colors with the same name or the same color code. "name" is limited to 20 characters and "HEX" must be a valid hex color code. Note that the API as documented has no authentication: the user id in the path is the only thing that selects whose colors are read or changed.
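The validation rules above (unique name, unique color code, 20-character name limit, valid hex code) as an added example, not the project's own validators. It assumes the usual CSS forms #RGB and #RRGGBB count as valid, treats color codes case-insensitively so #ABC and #aabbcc collide, counts the name limit in runes rather than bytes, and caps the request body while decoding so a large or malformed POST is rejected early.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"regexp"
	"strings"
	"unicode/utf8"
)

// Color mirrors the request body of POST /user/{id}/color.
type Color struct {
	Name string `json:"name"`
	HEX  string `json:"HEX"`
}

const maxNameLen = 20

// hexColorRe accepts #RGB and #RRGGBB. Assumption: the README only says
// "valid hex color format"; restrict to six digits if the app requires it.
var hexColorRe = regexp.MustCompile(`^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$`)

var (
	ErrEmptyName     = errors.New("name must not be empty")
	ErrNameTooLong   = errors.New("name must be at most 20 characters")
	ErrBadHex        = errors.New("HEX must be a valid hex color such as #1a2b3c")
	ErrDuplicateName = errors.New("a color with this name already exists")
	ErrDuplicateHex  = errors.New("a color with this code already exists")
)

// normalizeHex lower-cases a validated code and expands #abc to #aabbcc so
// that the duplicate check compares canonical values.
func normalizeHex(h string) string {
	h = strings.ToLower(h)
	if len(h) == 4 {
		return "#" + string([]byte{h[1], h[1], h[2], h[2], h[3], h[3]})
	}
	return h
}

// ValidateNewColor checks a candidate color against the user's existing
// colors. Length is counted in runes, so a 20-character name in Cyrillic
// or emoji is not rejected because of its UTF-8 byte length.
func ValidateNewColor(c Color, existing []Color) error {
	name := strings.TrimSpace(c.Name)
	switch {
	case name == "":
		return ErrEmptyName
	case utf8.RuneCountInString(name) > maxNameLen:
		return ErrNameTooLong
	case !hexColorRe.MatchString(c.HEX):
		return ErrBadHex
	}
	want := normalizeHex(c.HEX)
	for _, e := range existing {
		if strings.EqualFold(strings.TrimSpace(e.Name), name) {
			return ErrDuplicateName
		}
		if normalizeHex(e.HEX) == want {
			return ErrDuplicateHex
		}
	}
	return nil
}

// DecodeColor reads a request body with a hard size cap and rejects unknown
// fields, so the validator only ever sees the two documented fields.
func DecodeColor(r io.Reader) (Color, error) {
	dec := json.NewDecoder(io.LimitReader(r, 1<<10)) // 1 KiB is ample for two short fields
	dec.DisallowUnknownFields()
	var c Color
	if err := dec.Decode(&c); err != nil {
		return Color{}, err
	}
	return c, nil
}
```

In a handler, a decode error maps to 400 and the two duplicate errors to 409; the other validation errors are also 400.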
Integration tests covering these validators pass.
Try the API yourself with try-me.http.