Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@allthings/sdk
Advanced tools
Allthings Node/Javascript SDK
yarn add @allthings/sdk
const allthings = require('@allthings/sdk')
const client = allthings.restClient({
accessToken: '043dab7447450772example1214b552838003522',
})
client
.getCurrentUser()
.then(viewer => console.log(`Welcome back ${viewer.username}!`))
The available configuration options are outlined here:
Option | Default | Description |
---|---|---|
accessToken | API Access Token | |
clientId | OAuth 2.0 clientId | |
clientSecret | OAuth 2.0 client secret | |
username | Username to use with OAuth 2.0 Password Grant authentication flow | |
password | Password to use with OAuth 2.0 Password Grant authentication flow | |
concurrency | Number of concurrent requests to perform in parallel. Default behavior is burst of 30/s, 1/s thereafter | |
apiUrl | Base API url to use. Defaults to https://api.allthings.me/, respects value of the ALLTHINGS_REST_API_URL environment variable |
@TODO
process.env.ALLTHINGS_OAUTH_CLIENT_ID process.env.ALLTHINGS_OAUTH_CLIENT_SECRET, process.env.ALLTHINGS_OAUTH_PASSWORD, process.env.ALLTHINGS_OAUTH_USERNAME,
@TODO
const allthings = require('@allthings/sdk')
const client = allthings.restClient({
accessToken: '043dab7447450772example1214b552838003522',
})
client
.getCurrentUser()
.then(viewer => console.log(`Welcome back ${viewer.username}!`))
client
:const allthings = require('@allthings/sdk')
const client = allthings.restClient({
clientId: '5d038ef2441f4de574005c54_example',
clientSecret: '40f63f981ff082dbc8d273983ac3852c2e51e90856123156',
redirectUri: 'https://example-app.com/callback'
})
state
which should be unique per request and hard to guess. It can be generated with client.oauth.generateState()
method:const state = client.oauth.generateState()
const authorizationUri = client.oauth.authorizationCode.getUri(state)
Direct user's browser to the constructed URI.
When user completes authentication process, he is redirected to the redirectUri
having code
and state
query string arguments, e.g.:
https://example-app.com/callback?code=ebc110bee11b2829&state=k1bt3c1d0vnfu7qk
At this point state
must be validated - if it doesn't match the one generated on step 2, such request is probably malicious and should be aborted.
await client.oauth.authorizationCode.requestToken(code)
const user = await client.getCurrentUser()
restClient()
client.agentCreate()
client.agentCreatePermissions()
client.appCreate()
client.lookupIds()
client.groupCreate()
client.groupGetById()
client.groupUpdateById()
client.getGroups()
client.propertyCreate()
client.propertyGetById()
client.propertyUpdateById()
client.getProperties()
client.registrationCodeCreate()
client.unitCreate()
client.unitGetById()
client.unitUpdateById()
client.getUnits()
client.userCreate()
client.userGetById()
client.userUpdateById()
client.userCreatePermission()
client.userGetPermissions()
client.userDeletePermission()
client.userGetUtilisationPeriods()
client.userCheckInToUtilisationPeriod()
client.getUsers()
client.getCurrentUser()
client.userRelationCreate()
client.userRelationDelete()
client.utilisationPeriodCreate()
client.utilisationPeriodGetById()
client.utilisationPeriodUpdateById()
client.utilisationPeriodCheckInUser()
client.delete()
client.get()
client.post()
client.patch()
Create an client instance of the SDK.
const allthings = require('@allthings/sdk')
const client = allthings.restClient(configurationOptions)
Create a new agent. This is a convenience function around creating a user and adding that user to a property-manager's team.
const appId = '575027e58178f56a008b4568'
const propertyManagerId = '5a818c07ef5f2f00441146a2'
const username = 'mr.example@allthings.test'
const agent = await client.createAgent(appId, propertyManagerId, username, {
email: 'mr.example@allthings.test',
locale: 'en_US',
})
export type MethodCreateAgent = (
appId: string,
propertyManagerId: string,
username: string,
data: PartialUser & {
readonly email: string
readonly locale: EnumLocale
},
) => UserResult
// Describes the API wrapper's resulting interface
export interface IAllthingsRestClient {
readonly delete: MethodHttpDelete
readonly get: MethodHttpGet
readonly post: MethodHttpPost
readonly patch: MethodHttpPatch
// Agent
/**
* Create a new agent. This is a convenience function around
* creating a user and adding that user to a property-manager's team
*/
readonly agentCreate: MethodAgentCreate
/**
* Create agent permissions. This is a convenience function around
* creating two user permission's: one "admin" and the other "pinboard"
*/
readonly agentCreatePermissions: MethodAgentCreatePermissions
// App
/**
* Create a new App.
*/
readonly appCreate: MethodAppCreate
// ID Lookup
/**
* Map one or more externalId's to API ObjectId's within the scope of a specified App
*/
readonly lookupIds: MethodLookupIds
// Group
/**
* Create a new group within a property
*/
readonly groupCreate: MethodGroupCreate
/**
* Get a group by its ID
*/
readonly groupGetById: MethodGroupGetById
/**
* Update a group by its ID
*/
readonly groupUpdateById: MethodGroupUpdateById
// Notification
/**
* Returns a collection of notifications for a given user
*/
readonly notificationsGetByUser: MethodNotificationsGetByUser
/**
* Marks all notifications of a user - until a provided timestamp (or now) - as read
*/
readonly notificationsUpdateReadByUser: MethodNotificationsUpdateReadByUser
/**
* Mark a notification as read
*/
readonly notificationUpdateRead: MethodNotificationUpdateRead
// Property
/**
* Create a new property
*/
readonly propertyCreate: MethodPropertyCreate
/**
* Get a property by its ID
*/
readonly propertyGetById: MethodPropertyGetById
/**
* Update a property by its ID
*/
readonly propertyUpdateById: MethodPropertyUpdateById
// Registration Code
/**
* Create a new registration code
*/
readonly registrationCodeCreate: MethodRegistrationCodeCreate
// Unit
/**
* Create a unit within a group
*/
readonly unitCreate: MethodUnitCreate
/**
* Get a unit by its ID
*/
readonly unitGetById: MethodUnitGetById
/**
* Update a unit by its ID
*/
readonly unitUpdateById: MethodUnitUpdateById
// User
/**
* Create a new User.
*/
readonly userCreate: MethodUserCreate
/**
* Get a user by their ID
*/
readonly userGetById: MethodUserGetById
/**
* Update a user by their ID
*/
readonly userUpdateById: MethodUserUpdateById
/**
* Get a list of users
*/
readonly getUsers: MethodGetUsers
/**
* Get the current user from active session
*/
readonly getCurrentUser: MethodGetCurrentUser
/**
* Give a user a permission/role on an given object of specified type
*/
readonly userCreatePermission: MethodUserCreatePermission
/**
* Get a list of user's permissions
*/
readonly userGetPermissions: MethodUserGetPermissions
/**
* Delete a user a permission/role on an given object of specified type
*/
readonly userDeletePermission: MethodUserDeletePermission
/**
* Get a list of user's current utilisation - periods
*/
readonly userGetUtilisationPeriods: MethodUserGetUtilisationPeriods
/**
* Checkin a user into a Utilisation-Period with userId and
* utilisation-periodId
*/
readonly userCheckInToUtilisationPeriod: MethodUserCheckInToUtilisationPeriod
// User Relation
/**
* Creates a new user relation
*/
readonly userRelationCreate: MethodUserRelationCreate
/**
* Deletes a new user relation
*/
readonly userRelationDelete: MethodUserRelationDelete
// Utilisation Period
/**
* Create a new utilisation period within a Unit
*/
readonly utilisationPeriodCreate: MethodUtilisationPeriodCreate
/**
* Get a utilisation period by its ID
*/
readonly utilisationPeriodGetById: MethodUtilisationPeriodGetById
/*
* Update a utilisation period by its ID
*/
readonly utilisationPeriodUpdateById: MethodUtilisationPeriodUpdateById
/**
* Check-in a user to a utilisation period with the users email
*/
readonly utilisationPeriodCheckInUser: MethodUtilisationPeriodCheckInUser
}
The Allthings SDK makes use of semantic-release which automates the whole package release workflow including: determining the next version number, generating the release notes and publishing the package. This repository is configured to squash-merge
(see here).
When you squash merge, GitHub takes the title of the PR for the squash-merge's commit subject. By choosing a proper PR title e.g. feat: my new feature
your merged PR will trigger a new release. See semantic-releases docs for available prefixes.
FAQs
Allthings Node/Javascript SDK
The npm package @allthings/sdk receives a total of 326 weekly downloads. As such, @allthings/sdk popularity was classified as not popular.
We found that @allthings/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.