
Security News
Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
@basketry/express
Basketry generator for generating ExpressJS routers. This generator can be coupled with any Basketry parser.
The following example generates ExpressJS routers from a "Swagger" doc:

1. Save https://petstore.swagger.io/v2/swagger.json as petstore.json in the root of your project.
2. npm install -g basketry @basketry/swagger-2 @basketry/express @basketry/typescript @basketry/typescript-validators
3. basketry --source petstore.json --parser @basketry/swagger-2 --generators @basketry/express @basketry/typescript @basketry/typescript-validators --output src
When the last step is run, basketry will parse the source file (petstore.json) using the specified parser (@basketry/swagger-2) and then run each specified generator (@basketry/express, @basketry/typescript, and @basketry/typescript-validators), writing the output to the output folder (src).
The routers can then be added to an Express server:
import * as express from 'express';
import {
  ApiKeyStrategy,
  authentication,
  OAuth2Strategy,
  petRoutes,
  storeRoutes,
  userRoutes,
} from './v1/express-routers'; // Generated by @basketry/express
import { PetService, StoreService, UserService } from './v1/types'; // Generated by @basketry/typescript
import { DbPetService, DbStoreService, DbUserService } from './services'; // Your hand-written implementations of the generated service interfaces

const app = express();

const apiKeyStrategy: ApiKeyStrategy = (key) => {
  return Promise.resolve({
    isAuthenticated: key === 'abcdef', // TODO: verify API key
    scopes: new Set(),
  });
};

const oauth2Strategy: OAuth2Strategy = (accessToken) => {
  return Promise.resolve({
    isAuthenticated: accessToken === 'abcdef', // TODO: verify access token
    scopes: new Set(), // TODO: parse scopes from token
  });
};

app.use('/v1', [
  authentication({
    api_key: apiKeyStrategy,
    petstore_auth: oauth2Strategy,
  }),
  petRoutes(new DbPetService()),
  storeRoutes(new DbStoreService()),
  userRoutes(new DbUserService()),
]);

// TODO: add global error handlers, etc

app.listen(8000, () => {
  console.log('listening on', 8000);
});
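One way to fill in the two TODOs in the strategies above, as an added example that is not part of the original README or the Basketry project: credentials are stored as SHA-256 digests, compared in constant time, and scopes are parsed from a space-delimited string. The `AuthResult` shape is assumed from the snippet above; the `verify*` helper names, the stores and their sample values are constructed for illustration.

```typescript
import { createHash, timingSafeEqual } from 'crypto';

// Assumed result shape, mirrored from the strategies shown on this page.
type AuthResult = { isAuthenticated: boolean; scopes: Set<string> };
type Credential = { digest: Buffer; scope: string };

const sha256 = (value: string): Buffer =>
  createHash('sha256').update(value, 'utf8').digest();

// Constructed sample stores: only digests are kept, never the raw secret.
// `scope` is a space-delimited string, as in an OAuth2 token response.
const apiKeys: Credential[] = [
  { digest: sha256('constructed-demo-api-key'), scope: '' },
];
const accessTokens: Credential[] = [
  { digest: sha256('constructed-demo-token'), scope: 'read:pets write:pets' },
];

function verify(secret: string | undefined, store: Credential[]): AuthResult {
  const denied: AuthResult = { isAuthenticated: false, scopes: new Set<string>() };
  // Reject missing, empty or oversized input before doing any hashing.
  if (typeof secret !== 'string' || secret.length === 0 || secret.length > 512) {
    return denied;
  }
  const presented = sha256(secret);
  let match: Credential | undefined;
  // Fixed-length digests let timingSafeEqual run without a length leak;
  // every record is checked so timing does not depend on the match position.
  for (const record of store) {
    if (timingSafeEqual(presented, record.digest)) match = record;
  }
  if (!match) return denied;
  const scopes = match.scope.split(' ').filter((s) => s.length > 0);
  return { isAuthenticated: true, scopes: new Set(scopes) };
}

const verifyApiKey = (key?: string): AuthResult => verify(key, apiKeys);
const verifyAccessToken = (token?: string): AuthResult => verify(token, accessTokens);

// Same call shape as the page's apiKeyStrategy and oauth2Strategy.
const apiKeyStrategy = (key?: string) => Promise.resolve(verifyApiKey(key));
const oauth2Strategy = (token?: string) => Promise.resolve(verifyAccessToken(token));
```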
Consider adding the following Basketry config:
{
  "parser": "@basketry/swagger-2",
  "generators": [
    "@basketry/typescript",
    "@basketry/typescript-auth",
    "@basketry/typescript-validators",
    "@basketry/express"
  ],
  "source": "petstore.oas2.json",
  "output": "src"
}
The services passed to each route builder can have one of two different scopes.
When an instance of a service class is directly passed to a route builder, that same instance will be used for all requests. This means that any instance values within the class will be available across all calls to the service until the Express server is restarted.
app.use('/v1', [
  petRoutes(new DbPetService()),
  storeRoutes(new DbStoreService()),
  userRoutes(new DbUserService()),
]);
When a function that returns an instance of a service class is passed to a route builder, the function will be run once for each request. This allows a new instance of the service class to be created for each request. After the request returns, the instance of the class will fall out of scope and may then be garbage collected by the Node process.
app.use('/v1', [
  petRoutes(() => new DbPetService()),
  storeRoutes(() => new DbStoreService()),
  userRoutes(() => new DbUserService()),
]);
If needed, the Express Request object is passed as a parameter to the service initializer function. This allows for services to be constructed based on data from the request.
app.use('/v1', [
  petRoutes(() => new DbPetService()),
  storeRoutes(() => new DbStoreService()),
  userRoutes((req) => new DbUserService(req.user)),
]);
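The difference between the two scopes matters when a service keeps caller-specific data in instance fields. The following added example (not from the original README or the generated code) simulates two requests against a shared instance and against a per-request factory; `resolveService`, the `Req` shape, the cache field and the sample addresses are hypothetical stand-ins constructed for illustration.

```typescript
// Hypothetical request shape; the real Express Request is not needed here.
type Req = { user: string };
type ServiceArg<T> = T | ((req: Req) => T);

// Hypothetical stand-in for how a route builder treats its argument:
// a function is called once per request, an instance is reused as-is.
function resolveService<T>(arg: ServiceArg<T>, req: Req): T {
  return typeof arg === 'function' ? (arg as (req: Req) => T)(req) : (arg as T);
}

// Constructed sample data.
const EMAILS = new Map<string, string>([
  ['alice', 'alice@example.test'],
  ['bob', 'bob@example.test'],
]);

class DbUserService {
  // Instance state: harmless when the instance lives for one request,
  // shared between callers when one instance serves every request.
  private cachedEmail?: string;

  getOwnEmail(caller: string): string {
    // The cache is not keyed by caller, so the first caller's value sticks.
    if (this.cachedEmail === undefined) {
      this.cachedEmail = EMAILS.get(caller) ?? '';
    }
    return this.cachedEmail;
  }
}

// Serves one request from alice, then one from bob, and returns what each saw.
function serveTwoRequests(arg: ServiceArg<DbUserService>): string[] {
  return ['alice', 'bob'].map((user) =>
    resolveService(arg, { user }).getOwnEmail(user),
  );
}

const sharedInstance = serveTwoRequests(new DbUserService());
const perRequest = serveTwoRequests(() => new DbUserService());
console.log('shared instance, bob sees:', sharedInstance[1]);
console.log('per-request factory, bob sees:', perRequest[1]);
```

With a shared instance, any field that holds caller data must be keyed by caller or removed; the per-request factory avoids the problem by construction.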
Each route handler performs an authorization check prior to calling the service. If the current caller is not authenticated or is not authorized, the service method will not be called and the appropriate HTTP response will be returned instead.
The auth context used to perform these checks (in the form of an AuthService instance) may be accessed from the request object:
app.use('/v1', [
  // This middleware creates the auth context
  authentication({
    // The following are defined using OpenAPI's security and securityDefinition specs
    api_key: apiKeyStrategy,
    petstore_auth: oauth2Strategy,
  }),
  petRoutes(new DbPetService()),
  storeRoutes(new DbStoreService()),
  userRoutes((req) => {
    // Auth context may be accessed via the req object
    const authService = req.basketry?.context;
    return new DbUserService(authService);
  }),
]);
npm ci
npm run build
npm start
Note that the lint script is run prior to build. Auto-fixable linting or formatting errors may be fixed by running npm run fix.

.test.ts suffix
npm t
/coverage/lcov-report/index.html

main branch.
npm version {major|minor|patch}
git push origin main --follow-tags

The publish workflow will build and pack the new version then push the package to NPM. Note that publishing requires write access to the main branch.
Generated with generator-ts-console
FAQs
Basketry generator for generating Express JS routers
The npm package @basketry/express receives a total of 834 weekly downloads. As such, @basketry/express popularity was classified as not popular.
We found that @basketry/express demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.