Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aszu/lazy-network
Advanced tools
Created by lazy developer for lazy developers.
Axios once started as a tool for those, who were too lazy to play with fetch directly. It made it more sane by rejecting promises when the things went wrong on the server.
This module tries to move the laziness to the higher level, by wrapping some boilerplate code that I saw is usually written in each and every project.
If you're too lazy to use axios, feel free to use this wrapper.
Note: This is work in progress.
Although the interface that is exposed now (network.bootstrap and network.(get, post, ...) methods, along the waitForNetwork method will stay with us, the implementation will likely change in the future and new features will be introduced, as I identify new cases that are good candidates to be put here.
Main concern is - usually - to get the network configured, either by hardcoding something in the bundle (then you end up with having multiple artifacts for multiple environments) or by getting the config in a dynamic way (usually via additional request).
This library gives you a chance to skip writting boilerplate for the latter case, still supporting the former one. Read about Bootstrap modes below.
In bundle configuration
Network setup may be defined locally (in bundle).
This way you can get your network up and running (almost) instantly, without unnecessary requests and delays. Awesome, isn't it? You just pass the object to the network.bootstrap method.
import network, { BOOTSTRAP_MODE } from '@aszu/lazy-network'
network.bootstrap(
BOOTSTRAP_MODE.BOOTSTRAP_CODE,
{
endpoints: {
MAIN: 'http://your.server.com'
}
}
Network setup may be provisioned by some configuration file outside the built artifact.
This way is a good choice in case you don't mind waiting for another requests because you value "single artifact" principle more.
This way your application will be identical on all your environments. It starts and then it requests for config.json file, which contains all your goodies.
All you have to do to get your config.json for given environment deployed along your bundle.
Network can be bootstrapped by external JS call.
Actually, I use this mode when creating things like admin modules or similar. This way you can bootstrap your admin module and then use some hook or something else to bootstrap the network layer.
I like this approach as I have single configuration-less build of my admin module - and it just works when you drop it onto deployment.
You can shoot your requests before the network got bootstrapped.
There is a "no requests lost" due to lack of configuration approach. You will get your GET or POST promise and it will get resolved eventually.
For MAIN endpoint this is just given. For other endpoints, this might not be given out of the box, as the proxy objects are not the thing that can be trusted now. For that reason you will have at least declare list of your endpoints before you can send requests to there.
It is as simple as
network.declareEndpoints('CARDS', 'AUTH')
though.
FAQs
The network layer wrapper, by lazy people for lazy people.
We found that @aszu/lazy-network demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.