Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@azure/core-client
Advanced tools
The @azure/core-client package is designed to be a foundational library for all Azure SDK client libraries. It provides the core functionalities such as HTTP pipeline, serialization, and deserialization of responses, handling of authentication protocols, and error handling. It is intended to streamline the development of Azure SDKs by providing common functionalities needed for interacting with Azure services.
HTTP Pipeline
This feature allows developers to customize the HTTP pipeline used for sending requests to Azure services. It includes adding custom policies, using a default HTTP client, and configuring the pipeline with various options.
const { PipelinePolicy, createDefaultHttpClient, createPipelineFromOptions } = require('@azure/core-client');
const httpClient = createDefaultHttpClient();
const pipeline = createPipelineFromOptions({});
pipeline.addPolicy(somePolicy);
const client = new SomeServiceClient(url, credential, { httpClient, pipeline });
Authentication
This feature demonstrates how to use the @azure/identity package with @azure/core-client to authenticate requests to Azure services. It simplifies the process of using Azure Active Directory tokens for authentication.
const { TokenCredential, DefaultAzureCredential } = require('@azure/identity');
const { SomeServiceClient } = require('@azure/some-service');
const credential = new DefaultAzureCredential();
const client = new SomeServiceClient('<your-service-endpoint>', credential);
Serialization and Deserialization
This feature is about serializing request payloads before sending them to Azure services and deserializing responses. It ensures that data is correctly formatted for network transmission and subsequent processing.
const { serialize, deserialize } = require('@azure/core-client');
const model = { name: 'Azure SDK' };
const serializedModel = serialize(model);
const deserializedModel = deserialize(serializedModel);
Axios is a popular HTTP client for the browser and node.js. While it provides features for making HTTP requests and handling responses, it lacks the Azure-specific integrations and authentication protocols that @azure/core-client offers.
node-fetch is a lightweight module that brings window.fetch to Node.js. Similar to axios, it allows for making HTTP requests but does not include the Azure-specific features or the extensive HTTP pipeline customization options available in @azure/core-client.
Request is a simplified HTTP request client for Node.js, but it has been deprecated. While it was widely used for making HTTP requests, it does not offer the Azure service integrations or the authentication and pipeline customization capabilities of @azure/core-client.
This library is primarily intended to be used in code generated by AutoRest and autorest.typescript
.
See our support policy for more details.
This package is primarily used in generated code and not meant to be consumed directly by end users.
This is the common base class for generated clients. It provides the methods sendOperationRequest
and sendRequest
.
sendRequest
simply makes an HTTP request using a Pipeline
(see @azure/core-rest-pipeline
for details.)
sendOperationRequest
is used by generated code to make a request using an OperationSpec
and OperationArguments
. An OperationSpec
is a translation of request requirements from the OpenAPI/Swagger file that describes the service.
This method is used to create a Pipeline
instance that is customized with extra policies that perform serialization and deserialization. The bulk of the work is in converting requests into the right HTTP message that a service expects and then converting the HTTP response payload into the response shape described by the service's OpenAPI specification file.
Mapper
s are used to encode and decode data into HTTP headers and bodies. They describe all request and response fields. They are referenced by OperationSpec
s.
The method createSerializer
creates a Serializer
that is used to do the bulk of the work transforming data when making a request or processing a response. Given a corpus of Mapper
s and the appropriate OperationSpec
it can manufacture an HTTP request object from a user provided input or convert an HTTP response object into a user-friendly form.
You can build and run the tests locally by executing rushx test
. Explore the test folder to see advanced usage and behavior of the public classes.
Learn more about AutoRest and the autorest.typescript extension for generating a compatible client on top of this package.
If you run into issues while using this library, please feel free to file an issue.
If you'd like to contribute to this library, please read the contributing guide to learn more about how to build and test the code.
FAQs
Core library for interfacing with AutoRest generated code
The npm package @azure/core-client receives a total of 2,199,654 weekly downloads. As such, @azure/core-client popularity was classified as popular.
We found that @azure/core-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.