
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
@curveball/problem
Advanced tools
A middleware for converting errors into application/problem+json
This package is a middleware for the Curveball framework that catches any
exception and turns them into application/problem+json
responses, as defined
in RFC9457.
By default any exception turns into a non-descript 500 Internal Server Error. To create a more specific error, use an exception from the @curveball/http-errors package or implement one of the interfaces.
npm install @curveball/problem
import problemMw from '@curveball/problem';
import { Application } from '@curveball/kernel';
const app = new Application();
app.use(problemMw());
Typically you will want the problem middleware to be one of the first middlewares you add to the server. Only exceptions from midddlewares that come after the problem middleware can be caught.
You can throw the following kinds of errors.
httpStatus
property. Any error that's thrown that has a
httpStatus
property will automatically use that http status. The error
message will be used as a title.By default the middleware will emit a detailed error for any exception that implements the http-errors interfaces, because the assumption is that if these errors were emitted, they were intended for the user of the server.
Any exceptions that are thrown that don't implement these interfaces are stripped from their message and detail and converted to a 500 error to avoid potential security issues.
It's possible to turn this off during development in two ways. You can set the debug setting to true as such:
app.use(problemMw({
debug: true
});
The second way is by setting the environemnt variable NODE_ENV
to the string
development
.
If the debug
property is set, that value always takes precedent.
If quiet mode is enabled, 4XX errors are not logged. Client errors are common and usually expected behavior, so it might be preferable for them to not spam the log.
app.use(problemMw({
quiet: true
});
FAQs
A middleware for converting errors into application/problem+json
The npm package @curveball/problem receives a total of 887 weekly downloads. As such, @curveball/problem popularity was classified as not popular.
We found that @curveball/problem demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.