Goji is a HTTP request multiplexer, similar to net/http.ServeMux. It compares incoming requests to a list of registered Patterns, and dispatches to the http.Handler that corresponds to the first matching Pattern. Goji also supports Middleware (composable shared functionality applied to every request) and uses the standard context package to store request-scoped values.
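package main

import (
	"fmt"
	"log"
	"net/http"

	goji "goji.io/v3"
	"goji.io/v3/pat"
)

// hello greets the caller using the :name segment bound by the pattern.
func hello(w http.ResponseWriter, r *http.Request) {
	name := pat.Param(r, "name")
	fmt.Fprintf(w, "Hello, %s!", name)
}

func main() {
	mux := goji.NewMux()
	mux.HandleFunc(pat.Get("/hello/:name"), hello)

	// ListenAndServe only returns on failure, so report the error and exit.
	log.Fatal(http.ListenAndServe("localhost:8000", mux))
}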
Please refer to Goji's GoDoc Documentation for a full API reference.
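The dispatch rule described above (the first matching Pattern wins) makes registration order significant, for example when a broad pattern is registered ahead of a more specific one. The following is an added example, not Goji's code: a standard-library-only toy mux in which `firstMatchMux`, `dispatch`, and plain prefix matching (simpler than Goji's `pat` syntax) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// route pairs a prefix pattern (assumption: simpler than pat) with a handler.
type route struct {
	prefix string
	h      http.Handler
}

// firstMatchMux is a toy model of first-match dispatch, not Goji's code.
type firstMatchMux struct{ routes []route }

// Handle registers a handler that replies with body for the given prefix.
func (m *firstMatchMux) Handle(prefix, body string) {
	h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, body) })
	m.routes = append(m.routes, route{prefix, h})
}

func (m *firstMatchMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	for _, rt := range m.routes { // registration order decides the winner
		if strings.HasPrefix(r.URL.Path, rt.prefix) {
			rt.h.ServeHTTP(w, r)
			return
		}
	}
	http.NotFound(w, r)
}

// dispatch registers prefixes in order and returns the body served for path.
func dispatch(path string, order ...string) string {
	m := &firstMatchMux{}
	for _, p := range order {
		m.Handle(p, "handled by "+p)
	}
	rec := httptest.NewRecorder()
	m.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Body.String()
}

func main() {
	fmt.Println(dispatch("/admin/health", "/admin/health", "/admin")) // specific first
	fmt.Println(dispatch("/admin/health", "/admin", "/admin/health")) // shadowed by /admin
}
```

When a route carries its own access checks, registering it before any broader pattern that also matches keeps the intended handler in front.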
Goji's API was recently updated to use the new net/http and context integration, and therefore some of its interfaces are in a state of flux. We don't expect any further changes to the API, and expect to be able to announce API stability soon. Goji is suitable for use in production.
Prior to Go 1.7, Goji promised API stability with a different API to the one that is offered today. The author broke this promise, and does not take this breach of trust lightly. While stability is obviously extremely important, the author and community have decided to follow the broader Go community in standardizing on the standard library copy of the context package.
Users of the old API can find that familiar API on the net-context branch. The author promises to maintain both the net-context branch and master for the foreseeable future.
Goji maintains a mailing list, gojiberries, where you should feel welcome to ask questions about the project (no matter how simple!), to announce projects or libraries built on top of Goji, or to talk about Goji more generally. Goji's author (Carl Jackson) also loves to hear from users directly at his personal email address, which is available on his GitHub profile page.
Contributions to Goji are welcome; however, please be advised that due to Goji's stability guarantees, interface changes are unlikely to be accepted.
All interactions in the Goji community will be held to the high standard of the broader Go community's Code of Conduct.