Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@bakaat/grpc-mock
Advanced tools
[!NOTE] Main requirement was to allow modification of routes/rules on a working server of what looks to be mostly a dead repo.
Runs on node 18.x, 20.x, and updated packages.
A simple mock gRPC server on Node.js.
const {createMockServer} = require("grpc-mock");
const mockServer = createMockServer({
protoPath: "/path/to/greeter.proto",
packageName: "greeter",
serviceName: "Greeter",
rules: [
{ method: "Hello", input: { message: "test" }, output: { message: "Hello" } },
{ method: "Goodbye", input: ".*", output: { message: "Goodbye" } },
{
method: "HowAreYou",
streamType: "client",
stream: [
{ input: { message: "Hi" } },
{ input: { message: "How are you?" } },
],
output: { message: "I'm fine, thank you" }
},
{
method: "NiceToMeetYou",
streamType: "server",
stream: [
{ output: { message: "Hi, I'm Sana" } },
{ output: { message: "Nice to meet you too" } },
],
input: { message: "Hi. I'm John. Nice to meet you" }
},
{
method: "Chat",
streamType: "mutual",
stream: [
{ input: { message: "Hi" }, output: { message: "Hi there" } },
{ input: { message: "How are you?" }, output: { message: "I'm fine, thank you." } },
]
},
{ method: "ReturnsError", input: { }, error: { code: 3, message: "Message text is required"} },
{
method: "ReturnsErrorWithMetadata",
streamType: "server",
input: { },
error: { code: 3, message: "Message text is required", metadata: { key: "value"}}
}
]
});
await mockServer.listen("0.0.0.0:50051");
syntax="proto3";
package greeter;
service Greeter {
rpc Hello (RequestGreet) returns (ResponseGreet) {}
rpc Goodbye (RequestGreet) returns (ResponseGreet) {}
rpc HowAreYou (stream RequestGreet) returns (ResponseGreet) {}
rpc NiceToMeetYou (RequestGreet) returns (stream ResponseGreet) {}
rpc Chat (stream RequestGreet) returns (stream ResponseGreet) {}
}
message RequestGreet {
string message = 1;
}
message ResponseGreet {
string message = 1;
}
protoPath
,packageName
,serviceName
,options
,rules
}): utils.GrpcServerarg name | type | required/optional | description |
---|---|---|---|
protoPath | String | Required | path to .proto file |
packageName | String | Required | name of package |
serviceName | String | Required | name of service |
options | @grpc/proto-loader.Options | Optional | options for @grpc/proto-loader to load .proto file. In detail, please check here out. Default is null |
rules | Array<Rule> | Required | Array of Rules |
prop name | type | required/optional | description |
---|---|---|---|
method | String | Required | path to .proto file |
streamType | Enum<"client"|"server"|"mutual"> | Optional | Type of stream. Set client if only using client side stream, set server if only using server side stream, and set mutual if using both of client and server side stream. Set null/undefined if not using stream. Default is null |
input | Object|String | Required when streamType is null or server | Specifying an expected input. Raw object or pattern string(RegExp) is available |
output | String | Required when streamType is null or client | Specifying an output to an expected input |
stream | Array<Chunk> | Required when streamType is client , server and mutual | Array of Chunks |
error | Object | Optional | If provided, server will respond with this error object |
prop name | type | required/optional | description |
---|---|---|---|
input | Object|String | Required when streamType is client . Optional when streamType is mutual | Specifying an expected input. Raw object or pattern string(RegExp) is available. |
output | Object | Required when streamType is server . Optional when streamType is mutual | Specifying an output to an expected input |
FAQs
a simple grpc mock server
The npm package @bakaat/grpc-mock receives a total of 35 weekly downloads. As such, @bakaat/grpc-mock popularity was classified as not popular.
We found that @bakaat/grpc-mock demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.