Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@backstage-community/plugin-tech-insights-backend-module-jsonfc
Advanced tools
This is an extension to module to tech-insights-backend plugin, which provides basic framework and functionality to implement tech insights within Backstage.
This module provides functionality to run checks against a json-rules-engine and provide boolean logic by simply building checks using JSON conditions.
To add this FactChecker into your Tech Insights you need to install the module into your backend application:
# From your Backstage root directory
yarn --cwd packages/backend add @backstage-community/plugin-tech-insights-backend-module-jsonfc
backend.add(
import('@backstage-community/plugin-tech-insights-backend-module-jsonfc'),
);
Looking for the old backend system docs? Visit here.
Example:
techInsights:
factChecker:
checks:
groupOwnerCheck:
type: json-rules-engine
name: Group Owner Check
description: Verifies that a group has been set as the spec.owner for this entity
factIds:
- entityOwnershipFactRetriever
rule:
conditions:
all:
- fact: hasGroupOwner
operator: equal
value: true
factIds
for a checkWhen more than one is supplied, the requested fact MUST be present in at least one of the fact retrievers.
The order of the fact retrievers defined in the factIds
array has no bearing on the checks, the check will merge all facts from the various retrievers, and then check against latest fact .
json-rules-engine supports a limited number of built-in operators that can be used in conditions. You can add your own operators by adding them to the operators
array in the JsonRulesEngineFactCheckerFactory
constructor. For example:
+ import { Operator } from 'json-rules-engine';
const myFactCheckerFactory = new JsonRulesEngineFactCheckerFactory({
checks: [],
logger: env.logger,
+ operators: [ new Operator("startsWith", (a, b) => a.startsWith(b) ]
})
And you can then use it in your checks like this:
...
rule: {
conditions: {
any: [
{
fact: 'version',
operator: 'startsWith',
value: '12',
},
],
},
}
This setup requires checks to be provided using the config.
By default, this implementation comes with an in-memory storage to store checks. You can inject an additional data store by adding an implementation of TechInsightCheckRegistry
into the constructor options when creating a JsonRulesEngineFactCheckerFactory
. That can be done as follows
const myTechInsightCheckRegistry: TechInsightCheckRegistry<MyCheckType> = // snip
const myFactCheckerFactory = new JsonRulesEngineFactCheckerFactory({
checks: [],
logger: env.logger,
+ checkRegistry: myTechInsightCheckRegistry
}),
FAQs
Unknown package
We found that @backstage-community/plugin-tech-insights-backend-module-jsonfc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.