Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@decaf-ts/decorator-validation
Simple implementation of a TypeScript decorator-based validation system.
Meant to be easily extended, customized and integrated with the browser's input validation mechanisms.
Provides access to common features in other languages:
Even though all code is exported in both CommonJS and ESM format, and the default is ES2022
in order to take advantage of all the latest TypeScript and JS features,
the following flags in tsconfig.compilerOptions are mandatory when importing these libraries:
{
  "experimentalDecorators": true,
  "emitDecoratorMetadata": true,
  "useDefineForClassFields": false
}
The following npm scripts are available for development:
- preinstall - will run only on the first install to trigger the dep update. Will self delete;
- do-install - sets a TOKEN environment variable to the contents of .token and runs npm install (useful when you have private dependencies);
- flash-forward - updates all dependencies. Take care, this may not be desirable in some cases;
- reset - updates all dependencies. Take care, this may not be desirable in some cases;
- build - builds the code (via gulp gulpfile.js) in development mode (generates lib and dist folders);
- build:prod - builds the code (via gulp gulpfile.js) in production mode (generates lib and dist folders);
- test - runs unit tests;
- test:integration - runs integration tests;
- test:all - runs all tests;
- lint - runs ESLint on the code folder;
- lint-fix - tries to auto-fix the code folder;
- prepare-release - defines the commands to run prior to a new tag (defaults to linting, building production code, running tests and documentation generation);
- release - triggers a new tag being pushed to master (via ./bin/tag_release.sh);
- clean-publish - cleans the package.json for publishing;
- coverage - runs all tests, calculates coverage and generates badges for readme;
- drawings - compiles all DrawIO *.drawio files in the workdocs/drawings folder to png and moves them to the workdocs/resources folder;
- uml - compiles all PlantUML *.puml files in the workdocs/uml folder to png and moves them to the workdocs/resources folder;
- docs - compiles all the coverage, drawings, uml, jsdocs and md docs into a readable web page under ./docs;

decorator-validation
│
│   .gitignore              <-- Defines files ignored by git
│   .npmignore              <-- Defines files ignored by npm
│   .nmprc                  <-- Defines the npm registry for this package
│   .eslintrc.cjs           <-- Linting for the project
│   .prettier.config.cjs    <-- Code style for the project
│   .gitlab-ci.yml          <-- GitLab CI/CD file
│   gulpfile.js             <-- Gulp build scripts. Used for building and other features (e.g. docs)
│   jest.config.ts          <-- Tests configuration file
│   mdCompile.json          <-- md documentation generation configuration file
│   jsdocs.json             <-- jsdoc documentation generation configuration file
│   Dockerfile              <-- Minimal example of a node service Dockerfile
│   LICENCE.md              <-- Licence disclaimer
│   package.json
│   package-lock.json
│   README.md               <-- Readme file dynamically compiled from 'workdocs' via the 'docs' npm script
│   tsconfig.json           <-- TypeScript config file. Is overridden in 'gulpfile.js'
│
└───bin
│   │   tag_release.sh      <-- Script to help with releases
│
└───docs
│   │   ...                 <-- Dynamically generated folder, containing the compiled documentation for this repository. Generated via the 'docs' npm script
│
└───src
│   │   ...                 <-- Source code for this repository
│
└───tests
│   │───unit                <-- Unit tests
│   └───integration         <-- Integration tests
│
└───workdocs                <-- Folder with all pre-compiled documentation
│   │───assets              <-- Documentation asset folder
│   │───badges              <-- Auto generated coverage badges folder
│   │───coverage            <-- Auto generated coverage results
│   │───drawings            <-- DrawIO folder. Drawings (*.drawio) here will be processed to generate documentation (requires docker)
│   │───uml                 <-- PlantUML folder. Diagrams (*.puml) here will be processed to generate documentation (requires docker)
│   │───tutorials           <-- Tutorial folder
│   │   ...                 <-- Categorized *.md files that are merged to generate the final readme (via md compile)
│   │   Readme.md           <-- Entry point to the README.md
│
└───dist
│   │   ...                 <-- Dynamically generated folder containing the bundles for distribution
│
└───lib
    │   ...                 <-- Dynamically generated folder containing the compiled code

If you have bug reports, questions or suggestions please create a new issue.
I am grateful for any contributions made to this project. Please read this to get started.
The first and easiest way you can support it is by Contributing. Even just finding a typo in the documentation is important.
Financial support is always welcome and helps keep both me and the project alive and healthy.
So if you can, and if this project has helped you in any way, either by teaching you something or simply by saving you precious time, please consider donating.
This project is released under the MIT License.
FAQs
simple decorator based validation engine
We found that @decaf-ts/decorator-validation demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.