@eik/common
This package contains common utilities and schemas used in other Eik modules.

The schema for `eik.json` can be found here in this repo. Here is how you can use it in your `eik.json`.

```json
{
  "$schema": "https://raw.githubusercontent.com/eik-lib/common/main/lib/schemas/eikjson.schema.json",
  "name": "my-app",
  "version": "1.0.0",
  "server": "https://eik.store.com",
  "files": "./public",
  "import-map": ["https://eik.store.com/map/store/v1"]
}
```
`@eik/common` has a JavaScript API to check against the schema.

`helpers` has utility functions used by several other Eik modules.

```js
import { helpers } from '@eik/common';

let config = helpers.getDefaults();
```

These are the available functions on `helpers`.
Name | Description |
---|---|
getDefaults | Reads configuration from eik.json or package.json . Includes defaults for missing optional settings. |
localAssets | Sets up asset routes for local development. Mounted paths match those on the Eik server, and values are read from the project's eik.json file. |
typeSlug | Maps between Eik configuration values for the package type and its URL/file system value. |
typeTitle | Maps between a type config value and its title. Essentially uppercases the input. |
addTrailingSlash | |
removeTrailingSlash | |
addLeadingSlash | |
removeLeadingSlash | |
resolveFiles | Uses an Eik JSON "files" definition to resolve files on disk into a data structure. Returns a list of ResolvedFile. |
configStore | Collection of helper methods for reading and writing Eik configuration files. |
`localAssets` sets up asset routes for local development. Mounted paths match those on the Eik server, and values are read from the project's `eik.json` file.

Given this server and `eik.json`, the following routes would be added to your app.

```js
import { helpers } from '@eik/common';
import express from 'express';

let app = express();
await helpers.localAssets(app);
```

```json
{
  "name": "my-app",
  "version": "1.0.0",
  "server": "https://eik.store.com",
  "files": {
    "esm.js": "./assets/esm.js",
    "esm.css": "./assets/esm.css",
    "/": "./assets/**/*.map"
  }
}
```

```
/pkg/my-app/1.0.0/esm.js
/pkg/my-app/1.0.0/esm.css
/pkg/my-app/1.0.0/esm.js.map
/pkg/my-app/1.0.0/esm.css.map
```
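The mapping from `files` entries to mounted routes shown above, as an added example (not code from `@eik/common`): it recomputes the route list for the page's `eik.json` against a constructed directory listing, which is a quick way to review what a `files` map would expose. `expectedRoutes`, `globToRegExp`, the simplified glob matching, the base-relative handling of glob matches and the `..` check are assumptions of this example, inferred from the sample routes.

```javascript
// Added illustration, not @eik/common code: derive the routes a "files" map
// implies. globToRegExp and expectedRoutes are hypothetical helper names.

// Minimal glob support: "**/" spans directories, "*" stays within one segment.
function globToRegExp(glob) {
  const source = glob
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*\*\//g, '\u0000')
    .replace(/\*/g, '[^/]*')
    .replace(/\u0000/g, '(?:.*/)?');
  return new RegExp(`^${source}$`);
}

const stripDot = (p) => p.replace(/^\.\//, '');

function expectedRoutes(eikJson, filesOnDisk) {
  // Assumption: the type segment defaults to "pkg", as in the routes listed above.
  const prefix = `/${eikJson.type || 'pkg'}/${eikJson.name}/${eikJson.version}/`;
  const routes = [];
  for (const [dest, source] of Object.entries(eikJson.files)) {
    const pattern = stripDot(source);
    const star = pattern.indexOf('*');
    // Assumption: a glob match keeps its path relative to the glob's base directory.
    const base = star === -1 ? null : pattern.slice(0, pattern.lastIndexOf('/', star) + 1);
    const matcher = globToRegExp(pattern);
    for (const file of filesOnDisk.map(stripDot)) {
      if (!matcher.test(file)) continue;
      const tail = base === null ? dest : `${dest}/${file.slice(base.length)}`;
      const route = prefix + tail.split('/').filter(Boolean).join('/');
      // Added check: a destination must not climb out of the package prefix.
      if (route.split('/').includes('..')) throw new Error(`unsafe route: ${route}`);
      routes.push({ route, file });
    }
  }
  return routes;
}

// Constructed sample: the eik.json from this page plus a made-up directory listing.
const sampleConfig = {
  name: 'my-app', version: '1.0.0',
  files: { 'esm.js': './assets/esm.js', 'esm.css': './assets/esm.css', '/': './assets/**/*.map' },
};
const sampleDisk = ['./assets/esm.js', './assets/esm.css', './assets/esm.js.map',
  './assets/esm.css.map', './assets/notes.txt'];

for (const { route, file } of expectedRoutes(sampleConfig, sampleDisk)) {
  console.log(`${route} <- ${file}`);
}
```

`notes.txt` is in the listing but matches no `files` entry, so it gets no route.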
`schemas` has functions to check values against the `eik.json` schema.

You can check a value against the schema for `eik.json` as a whole, or for individual values in the schema.

```js
import { schemas } from '@eik/common';

let { error, value } = schemas.validate.eikJSON(eikConfig);
if (error) {
  // fallback
}
```

If you prefer, you can use the `assert` API which throws on error.

```js
import { schemas } from '@eik/common';

try {
  schemas.assert.eikJSON(eikConfig);
} catch {
  // fallback
}
```

These are the available functions on `schemas.validate` and `schemas.assert`.
Name | Description |
---|---|
eikJSON | Checks that the given value includes required fields that are valid |
name | Checks name |
version | Checks version |
type | Checks type |
server | Checks server |
files | Checks files |
importMap | Checks import-map |
out | Checks out |
`stream` has functions to check that a value is a Stream.

```js
import { stream } from '@eik/common';

if (stream.isStream(maybeStream)) {
  // yup, it's a Stream
}
if (stream.isReadableStream(maybeReadableStream)) {
  // yup, it's a ReadableStream
}
```

`validators` functions return the provided string normalized to lowercase, or throw an Error if the value does not pass the validation rules.

Where possible, prefer using the `schemas` API.

```js
import { validators } from '@eik/common';

let alias = validators.alias('1');
```

These are the available functions on `validators`.
Name | Description |
---|---|
alias | Checks that a value is a valid alias value (ex 1) |
name | Checks that a value is a valid package name |
org | Checks that a value is a valid organisation name. |
origin | Check that a value looks like an HTTP origin. |
version | Checks that a value is a valid semver version |
semverType | Checks that a value is a valid semver type (major, minor, patch) |
type | Checks that the value is a valid Eik type (pkg, npm, map) |
FAQs
Common utilities for Eik modules
The npm package @eik/common receives a total of 1,889 weekly downloads. As such, @eik/common popularity was classified as popular.
We found that @eik/common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.