
Security News
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
@cloudflare/pubsub
Advanced tools
Useful functions for writing serverless functions around Cloudflare's Pub/Sub service (https://developers.cloudflare.com/pub-sub/)
A set of useful helper methods for writing functions to handle Cloudflare Pub/Sub messages. This includes:
isValidBrokerRequest
helper for authenticating incoming on-publish webhooksPubSubMessage
type with the fields sent from the Broker to your Worker for use with TypeScript-based Workers and/or for type-aware editors.Use npm
to install:
npm install @cloudflare/pubsub
The following example shows how to use isValidBrokerRequest
in a Worker to validate incoming on-publish webhooks from a Pub/Sub broker.
You can use wrangler
to bundle your code for deployment to Cloudflare Workers.
import { isValidBrokerRequest, PubSubMessage } from "@cloudflare/pubsub"
async function pubsub(
messages: Array<PubSubMessage>,
env: any,
ctx: ExecutionContext
): Promise<Array<PubSubMessage>> {
// Messages may be batched at higher throughputs, so we should loop over
// the incoming messages and process them as needed.
let messagesToKeep: Array<PubSubMessage>
for (let msg of messages) {
console.log(msg);
// Drop debug messages sent by our clients to reduce the load on our
// subscribers.
if (!msg.topic.startsWith("debug") {
messagesToKeep.push(msg)
}
}
return messagesToKeep;
}
const worker = {
async fetch(req: Request, env: any, ctx: ExecutionContext) {
// Critical: you must validate the incoming request is from your Broker
// In the future, Workers will be able to do this on your behalf for Workers
// in the same account as your Pub/Sub Broker.
if (await isValidBrokerRequest(req)) {
// Parse the PubSub message
let incomingMessages: Array<PubSubMessage> = await req.json();
// Pass the messages to our pubsub handler, and capture the returned
// message.
let outgoingMessages = await pubsub(incomingMessages, env, ctx);
// Re-serialize the messages and return a HTTP 200.
// The Content-Type is optional, but must either by
// "application/octet-stream" or left empty.
return new Response(JSON.stringify(outgoingMessages), { status: 200 });
}
return new Response("not a valid Broker request", { status: 403 });
},
};
export default worker;
You can use wranger publish
to publish this directly: the latest wrangler
supports TypeScript natively.
BSD 3-Clause licensed. Copyright Cloudflare, Inc. 2022.
FAQs
Useful functions for writing serverless functions around Cloudflare's Pub/Sub service (https://developers.cloudflare.com/pub-sub/)
The npm package @cloudflare/pubsub receives a total of 655 weekly downloads. As such, @cloudflare/pubsub popularity was classified as not popular.
We found that @cloudflare/pubsub demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 28 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Security News
A critical flaw in the popular npm form-data package could allow HTTP parameter pollution, affecting millions of projects until patched versions are adopted.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.