Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@cap-js/advanced-event-mesh
Advanced tools
@cap-js/advanced-event-mesh
CDS plugin providing integration with SAP Integration Suite, advanced event mesh
Welcome to @cap-js/advanced-event-mesh
About this project
CDS plugin providing integration with SAP Integration Suite, advanced event mesh.
Table of Contents
Requirements
See Getting Started on how to jumpstart your development and grow as you go with SAP Cloud Application Programming Model (CAP). To learn about messaging in CAP, please consult the guide on Events & Messaging.
Setup
Install the plugin via:
npm add @cap-js/advanced-event-mesh
Then, set the kind of your messaging service to advanced-event-mesh:
{
"cds": {
"requires": {
"messaging": {
"kind": "advanced-event-mesh"
}
}
}
}
Setting Up the Broker
The broker itself must be created manually in SAP Integration Suite, advanced event mesh and trust must be established to the respective application in SAP Cloud Identity Services, both for the Solace broker and the SEMP API. For details, please consult SAP Integration Suite, advanced event mesh's documentation at help.pubsub.em.services.cloud.sap and help.sap.com.
Specifically, you need to configure SAP Integration Suite, advanced event mesh to allow your CAP application to connect to the broker. For this, follow guide CAP Plugin for SAP Integration Suite, Advanced Event Mesh.
Finally, the broker's credentials must be provided via a user-provided service instance with the name advanced-event-mesh and credentials in the following format:
{
"authentication-service": {
"tokenendpoint": "https://<ias host>/oauth2/token",
"clientid": "<client id>",
"clientsecret": "<client secret>"
},
"endpoints": {
"advanced-event-mesh": {
"uri": "https://<broker host>:<port>",
"smf_uri": "wss://<broker host>:<port>"
}
},
"vpn": "<vpn>"
}
To troubleshoot connection issues, set log level for component messaging to DEBUG.
Check cds.log() for how to maintain log levels.
Broker Validation
Your app must be bound to an instance of service SAP Integration Suite, advanced event mesh with plan aem-validation-service.
Please see Validation of VMR Provisioning for more information.
Additional Configuration Options
Additional configuration options for the messaging service (i.e., cds.requires.messaging) are:
| Property | Type | Description |
|---|---|---|
skipManagement | boolean | If set to true, the plugin will not create a queue or subscription. This is useful if you want to manage these resources manually, default: false |
subaccountId | string | The ID of the subaccount in which SAP Integration Suite, advanced event mesh is subscribed. This is necessary in case the app runs in a different subaccount. |
session | SessionProperties | Used for createSession |
queue | createMsgVpnQueue | The queue object which is created via the SEMP API |
consumer | MessageConsumerProperties | Used for createMessageConsumer |
clientFactory | SolclientFactoryProperties | Used to create the SolclientFactory instance |
The default values can be found in the plugin's package.json.
As always, the effective configuration for your project can be queried via CLI command cds env.
For more details, please refer to the messaging section of the CAP Node.js documentation.
Support, Feedback, Contributing
This project is open to feature requests/suggestions, bug reports etc. via GitHub issues. Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines.
Security / Disclosure
If you find any bug that may be a security problem, please follow our instructions at in our security policy on how to report it. Please do not create GitHub issues for security-related doubts or problems.
Code of Conduct
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its Code of Conduct at all times.
Licensing
Copyright 2024 SAP SE or an SAP affiliate company and advanced-event-mesh contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.
Version 1.0.0 - 2025-09-29
Added
- Support for subaccount cross-consumption via configuration option
subaccountId
FAQs
CDS plugin providing integration with SAP Integration Suite, advanced event mesh
The npm package @cap-js/advanced-event-mesh receives a total of 3,435 weekly downloads. As such, @cap-js/advanced-event-mesh popularity was classified as popular.
We found that @cap-js/advanced-event-mesh demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 29 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025