Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@alicloud/console-one-config
Advanced tools
仅输出对象和类型,可以不在 OneConsole 下使用(比如用在 console-base 中),但使用前必须做好判断
ONE_CONF.one
为 true 才是 OneConsole。
对 OneConsole 下 window.ALIYUN_CONSOLE_CONFIG
的封装,剔除不用的东西,纠正和明确类型。
在非 OneConsole 下同样可以得到类型一致的对象,但里边的数据都是空的。可以通过 CONF.ONE
是否为 true
判断当前是否为 OneConsole。
tnpm i @alicloud/console-one-config -S
import ONE_CONF from '@alicloud/console-one-config';
// 使用 ONE_CONF
window.ALIYUN_CONSOLE_CONFIG
只读一次,避免全局变量引起的安全漏洞ONE_CONF
的类型为优化后的 ConsoleOneConfig
undefined
更多优化可自行查看类型定义。
STATIS_API
设计的无比狗屎,基本上可以认为是由脚设计出来的。它输出的原屎格式是 { code, data?, message? }
,使用时需要非常小心,因为很容易出错,
我看到有人用了一连串的 &&
来做保护。实际上这一层逻辑完全可以在 OneConsole 输出前进行剥离,我多次提出,但总以稳定性为借口不作为,稳定得令人发指。
所以,这里提取了 data
作为直接输出,并更名为 API_RESULT
。
STATIS_API: {
a: {
code: '200',
data: ...
},
b: {
code: '200',
data: null // null 是正常的返回,不忽略
},
c: { // 由于 data 是 undefined,所以忽略
code: '200'
},
d: {
code: 'SomethingWrong',
data: '即使有 data,但 code 是失败,也忽略',
message: '...'
}
}
// 将变成
API_RESULT: {
a: ...,
b: null
}
改成了正确的格式,布尔是布尔,数值是数值。
对 REGIONS 的类型做了精简。
FAQs
OneConsole Config 对象解析与封装
The npm package @alicloud/console-one-config receives a total of 85 weekly downloads. As such, @alicloud/console-one-config popularity was classified as not popular.
We found that @alicloud/console-one-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.