Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@codeplaydata/adapters
Following the principles of Ports and Adapters (Alistair Cockburn), this library is a collection of adapters used by other packages in the CodePlayData project. The idea is to worry less about third-party applications, i.e. databases and HTTP servers/clients, and more about the objects specific to your project, such as repositories and gateways.
Code comments will be in English and the documentation/tests in Portuguese.
Consider a situation in which your infrastructure depends on a document-oriented database such as MongoDB. Below is the implementation for that kind of situation:
```ts
import { database, DocumentDatabaseRepository } from '@codeplaydata/adapters';

// MongoDBCollection and Document are assumed to be types available in your project.
class CustomMongoDBRepository extends DocumentDatabaseRepository {
    private constructor(readonly collection: MongoDBCollection) {
        super(collection);
    }

    // Insert a single document into the collection.
    async saveDoc(doc: Document) {
        return await this.collection.query('insertOne', doc);
    }

    // Remove every document from the collection.
    async clear() {
        await this.collection.query('deleteMany', undefined, {});
    }

    // Factory method: the constructor is private, so instances are created here.
    static start(collection: MongoDBCollection) {
        return new CustomMongoDBRepository(collection);
    }
}

// Build the collection handle with the `database` export imported above.
const mongo = database.document.mongo(process.env.MONGO_URI as string || "mongodb://localhost:27017", "npm_adapters", "collection1");
const repo = CustomMongoDBRepository.start(mongo);
const doc = { name: 'subject-1' };
const result = await repo.saveDoc(doc);
// ...
```
For the same situation, but swapping MongoDB for FaunaDB, it would look like this:
```ts
import { database, DocumentDatabaseRepository } from '@codeplaydata/adapters';

class CustomFaunaDBRepository extends DocumentDatabaseRepository {
    private constructor(readonly collection: MongoDBCollection) {
        super(collection);
    }

    // Create a single document in the collection.
    async saveDoc(doc: Document) {
        return await this.collection.query('Create', doc);
    }

    // Delete the documents in the collection.
    async clear() {
        await this.collection.query('Delete', undefined, {});
    }

    // Factory method: the constructor is private, so instances are created here.
    static start(collection: MongoDBCollection) {
        return new CustomFaunaDBRepository(collection);
    }
}

// The FaunaDB secret is read from the environment and has no fallback value.
const fauna = database.document.fauna(process.env.FAUNA_HOST as string || "http://localhost:8443", process.env.FAUNA_SECRET as string, process.env.FAUNA_COLLECTION as string || "teste");
const repo = CustomFaunaDBRepository.start(fauna);
const doc = { name: 'subject-1' };
const result = await repo.saveDoc(doc);
```
It is also possible to import the classes directly without the hooks, in which case you must use `new` in every call.
The interfaces, abstract classes and builders for creating repositories and gateways are also available for import.
Below are the adapters implemented so far:
Adapter | Status |
---|---|
MongoDB | ok |
FaunaDB | ok |
Redis | in development |
Fetch | ok |
Axios | ok |
Express | ok |
Fastify | ok |
node:http | ok |
WebAssembly | ok |
Copyright 2023 Pedro Paulo Teixeira dos Santos
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
Unknown package
The npm package @codeplaydata/adapters receives a total of 2 weekly downloads. As such, @codeplaydata/adapters popularity was classified as not popular.
We found that @codeplaydata/adapters demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.