Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@arc-core-components/content-source_content-api-v4
Advanced tools
Provides a common content source for the Content API portion of the Arc suite.
This the Arc Core Component representing a content source that hooks into the Content API portion of the Arc Suite.
The most important part is the pattern, which defines the endpoint that PageBuilder Fusion uses to look up content.
This Core Component takes advantage of PageBuilder Fusion's ability to use CONTENT_BASE to define the credentials for a Content API, ensuring that no private secrets are exposed.
/content/v4/?website={arc-site}&website_url=${website_url}
This content source takes one parameter: a website URL, typically the path to the story following the domain name.
This Core Component must be used within a Fusion project.
npm install @arc-core-components/content-source_content-api-v4
/content/sources
folder. For this content source, the suggested name is
content-api-v4.js
content-api-v4.js
:import source from "@arc-core-components/content-source_content-api-v4";
export default source;
This will return an ANS document representing a single story from a Content API.
website
The default export of the content source is set up for multisite deployments
where a _website
url parameter is necessary when visiting a specific page.
Example: http://localhost/pf/sample-page/?_website=the-gazette
. To override
this behavior for a single site build we provide a factory function for creating
an otherwise unchanged content source with a user provided website.
import { createContentSource } from "@arc-core-components/content-source_content-api-v4";
export default createContentSource("washingtonpost");
This module also exports a helper function addResizedUrls
that can be called
within the transform
function to automatically add resizer URLs to all images
in the content source:
import source, { addResizedUrls } from '@arc-core-components/content-source_content-api-v4';
import { resizerSecret, resizerUrl } from 'fusion:environment';
const transform = (data) => {
return addResizedUrls(data, { resizerUrl, resizerSecret, presets: {
small: { width: 50, height: 50 },
large: {width: 480 }
}});
};
export default {
...source,
transform,
};
Then you can use the sizePreset
prop in the image core component and it will
be automatically resized:
<Image sizePreset="large" {...additionalProps} />
Here's an example for multisite, where each site could have its own resizer endpoint. This is helpful for clients that have publications in different continents - you can set up a resizer endpoint in each site's properties.
// properties/sites/my-site.json
{
resizerUrl: "my-resizer-endpoint.com",
resizerSecretKeyEnvVar: "RESIZER_SECRET_EU"
}
// content/sources/content-api-v4.js
import source, { addResizedUrls } from '@arc-core-components/content-source_content-api-v4';
import envVars from 'fusion:environment';
import getProperties from 'fusion:properties';
const transform = (data) => {
const { website } = data;
const { resizerSecretKeyEnvVar, resizerUrl } = getProperties(website);
const resizerSecret = envVars[resizerSecretKeyEnvVar];
return addResizedUrls(data, { resizerUrl, resizerSecret, presets: {
small: { width: 50, height: 50 },
large: {width: 480 }
}});
/*
* Alternately you can give addResizedUrls a callback
* return addResizedUrls(data, function ({ url, width, height, focalPoint }) {
* return { customSize: thumbor.setImagePath(url, resize(480, 0).buildUrl() }
* });
*
*/
};
export default {
...source,
transform,
};
See also:
We are using Jest and XO for testing and linting.
We are using Husky to run a pre-push hook, preventing un-linted or code that fails tests from making it into the repo.
To test: npm test
To lint: npm run lint
- This will also fix any simple linter errors
automatically.
To push without testing or linting: git push --no-verify
- This can often
be helpful if you just need to push a branch for demonstration purposes or for
help.
FAQs
Provides a common content source for the Content API portion of the Arc suite.
The npm package @arc-core-components/content-source_content-api-v4 receives a total of 170 weekly downloads. As such, @arc-core-components/content-source_content-api-v4 popularity was classified as not popular.
We found that @arc-core-components/content-source_content-api-v4 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.