Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@cuenca-mx/cuenca-js
Advanced tools
cuenca-js
is a Javascript library client to use Cuenca's services.
Using npm
:
npm install --save @cuenca-mx/cuenca-js
Using yarn
:
yarn add @cuenca-mx/cuenca-js
To start using the library, the client must be configured with your credentials. Some configurations can be changed to further improve the use of the library:
Configuring the client on constructor The credentials and environment can be set when instantiating the client:
import { Cuenca } from '@cuenca-mx/cuenca-js';
import { Phase } from '@cuenca-mx/cuenca-js/types';
const cuenca = new Cuenca(
'SOME_API_KEY',
'SOME_API_SECRET',
Phase.Stage,
);
Client's configuration
The configuration can be changed after creating it using the configure
method:
import { Cuenca } from '@cuenca-mx/cuenca-js';
import { Phase } from '@cuenca-mx/cuenca-js/types';
const cuenca = new Client();
// The method will require await if `useJwt` is set to `true`
// because a request is made to Cuenca to create the JWT.
await cuenca.client.configure({
apiKey: 'SOME_API_KEY',
apiSecret: 'SOME_API_SECRET',
loginToken: 'LOGIN_TOKEN',
sessionId: 'SESSION_ID',
phase: Phase.Api, // Production environment
useJwt: true,
});
Configuration Name | Description | Default Value |
---|---|---|
apiKey | API Key credential | undefined |
apiSecret | Secret for the API Key | undefined |
phase | Used to change the environment for the client (production, stage or sandbox) | Phase.Sandbox |
loginToken | Login Token, sets X-Cuenca-LoginToken on each request | undefined |
sessionId | Session Id, sets X-Cuenca-SessionId on each request | undefined |
useJwt | If true , it will create a JWT for authentification | false |
After configuring the client, you should login to your user before performing requests on resources:
const login = await cuenca.userLogins.create('111111'); // Use 6 digit password to login
console.log(login); // UserLogin model { id: string, lastLoginAt: Date, success: bool }
Different actions may be performed on each resource depending on which of the following classes they implement:
Name | methods | Description |
---|---|---|
Retrievable | .retrieve(id) | Retrieves the resource's model given an ID |
Creatable | Implementation varies* | Creates the resource from a given data |
Updateable | Implementation varies* | Updates a resource given its ID and data |
Deactivable | Implementation varies* | Deactivates the resource given its ID |
Downloadable | .pdf() , .xml() | Returns the byte string of a document given its ID |
Queryable | .one() , .first() , .count() , .all() | Perform different types of queries on resources |
Name | Actions |
---|---|
accounts | Queryable , Retrievable |
apiKeys | Creatable , Deactivable , Queryable , Retrievable , Updateable |
arpc | Creatable |
accounts | Queryable , Retrievable |
balanceEntries | Queryable , Retrievable |
billPayments | Queryable , Retrievable |
cardActivations | Creatable |
cards | Creatable , Deactivable , Queryable , Retrievable , Updateable |
cardTransactions | Queryable , Retrievable |
cardValidations | Creatable |
commissions | Queryable , Retrievable |
deposits | Queryable , Retrievable |
loginTokens | Creatable |
savings | Creatable , Deactivable , Queryable , Retrievable , Updateable |
serviceProviders | Queryable , Retrievable |
statements | Downloadable , Queryable |
transfers | Creatable , Queryable , Retrievable |
userCredentials | Creatable , Updateable |
userLogins | Creatable , Deactivable |
walletTransactions | Creatable , Queryable , Retrievable |
whatsAppTransfers | Queryable , Retrievable |
import { AccountQuery } from '@cuenca-mx/cuenca-js/types';
let account;
account = await cuenca.accounts.first(); // Returns the first value found on the query
try {
// Throws an error if no result was found or if more than one result were found.
account = await cuenca.accounts.one(
new AccountQuery({
accountNumber: 'SOME_ACCOUNT_NUMBER',
}),
);
} catch (error) {
console.log(error);
}
Please submit an issue and how to replicate it.
Fork the repo and send your PR so we can review it! Any and all help is welcomed, just keep in mind:
Be sure to keep coverage at least 99%
Developed and maintained with 💙 by Cuenca
FAQs
Cuenca client for JS
The npm package @cuenca-mx/cuenca-js receives a total of 2 weekly downloads. As such, @cuenca-mx/cuenca-js popularity was classified as not popular.
We found that @cuenca-mx/cuenca-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.