@apollo/utils.fetcher
This package defines TypeScript typings for a subset of the web fetch API.
The goal is for software that wants to be able to make HTTP requests in a configurable fashion to be able to declare an option of this type; users can pass in any valid fetch implementation such as node-fetch, make-fetch-happen, or undici.
The actual fetch API is very flexible. You can specify requests either as JSON-style objects or as objects of the Request and Headers classes. However, some fetch implementations distinguish between these cases by using (for example) instanceof Headers, where Headers is the particular class defined by that implementation. So if you want to write portable code that should work with any fetch implementation, you need to use JSON-style objects rather than a particular implementation's classes. (For example, a Headers object created with node-fetch v2 will not be properly recognized by make-fetch-happen v10.)
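The instanceof mismatch described above, as an added example that is not part of the package or of any fetch implementation's code. It assumes a simplified model: makeToyImpl, ImplHeaders, resolveHeaders and the token value are hypothetical, and a foreign Headers instance is treated as a plain object whose string-valued properties become headers.

```typescript
// Added illustration with hypothetical names; it models the instanceof check
// described above, not the internals of any real fetch package.
type PlainHeaders = Record<string, string>;

interface ToyFetchImpl {
  Headers: new (init: PlainHeaders) => object;
  // Returns the headers this implementation would put on the wire.
  resolveHeaders(headers: unknown): PlainHeaders;
}

// Copy only string-valued properties, lower-casing the header names.
function copyStrings(src: object): PlainHeaders {
  const out: PlainHeaders = {};
  const obj = src as Record<string, unknown>;
  Object.keys(obj).forEach((k) => {
    const v = obj[k];
    if (typeof v === "string") out[k.toLowerCase()] = v;
  });
  return out;
}

// Each call yields a distinct Headers class, as each fetch package ships its own.
function makeToyImpl(): ToyFetchImpl {
  class ImplHeaders {
    readonly store: PlainHeaders;
    constructor(init: PlainHeaders) { this.store = copyStrings(init); }
  }
  function resolveHeaders(headers: unknown): PlainHeaders {
    // Recognized only when built from THIS implementation's class.
    if (headers instanceof ImplHeaders) return copyStrings(headers.store);
    // Anything else is read as a JSON-style object; a foreign Headers
    // instance exposes no string properties, so its contents are lost.
    if (typeof headers === "object" && headers !== null) return copyStrings(headers);
    return {};
  }
  return { Headers: ImplHeaders, resolveHeaders };
}

const implA = makeToyImpl(); // stands in for one fetch package
const implB = makeToyImpl(); // stands in for a different fetch package

function demo() {
  const auth: PlainHeaders = { Authorization: "Bearer constructed-token" }; // constructed sample
  return {
    ownClass: implA.resolveHeaders(new implA.Headers(auth)),
    foreignClass: implB.resolveHeaders(new implA.Headers(auth)),
    plainObject: implB.resolveHeaders(auth),
  };
}
```

In this model the foreign-class case fails silently: no error is raised and the Authorization header is simply absent, which is why a test that inspects the outgoing headers is worth having whenever the fetch implementation is swappable.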
Additionally, some fetch implementations accept various types for their request body; for example, node-fetch supports the use of FormData objects specifically from the form-data package. You may choose to use different types for your request body, so long as those types are supported by the fetch implementation of your choice. You will likely need to use a type assertion to convince TypeScript that your body is valid. Unfortunately, because different fetch implementations access different FormData classes, we weren't excited about the outcome of this relevant PR and decided to undo it, but might be open to a simpler approach that solves the problem without the need for type assertions.
Specifically, the Fetcher interface only declares options that are currently required by the software that uses it, such as Apollo Server and Apollo Gateway. If more options are required (and they are implemented with the same types in all fetch implementations), we can add them as needed.
This package is validated to be compatible with the typings of node-fetch v2, make-fetch-happen v10, and undici v5.
FAQs
Minimal web-style fetch TypeScript typings
The npm package @apollo/utils.fetcher receives a total of 516,674 weekly downloads. As such, its popularity was classified as popular.
We found that @apollo/utils.fetcher demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.