@eng-automation/integrations
All integrations are unified under a similar API, with the following rules in mind:
`getInstance(opts)` method from an integration, and pass the instance as a parameter to each method.
This allows having more than one instance of an integration. One example of why this is needed is the installation-authenticated instances of github in cla-bot-2021.

```typescript
// module.ts
import { github } from "opstooling-integrations";

export async function foo() {
  await github.createCommitStatus({ /* ... */ });
}

// module.spec.ts
import { describe, expect, it, jest } from "@jest/globals";
import { fixtures, github } from "opstooling-integrations";
import { foo } from ".";

// Replace the whole integrations package with Jest auto-mocks.
jest.mock("opstooling-integrations");

describe("foo", () => {
  it("calls github.createCommitStatus", async () => {
    // Resolve the mocked call with a fixture response shipped by the package.
    jest.mocked(github.createCommitStatus).mockResolvedValue(fixtures.github.createCommitStatusSuccessfulResponse());
    await foo();
    expect(github.createCommitStatus).toHaveBeenCalledWith({ /* ... */ });
  });
});
```
Four auth types are supported: `app`, `installation`, and `token`.

`app` auth

Non-installation auth type for GitHub Apps. Using this means that org/repo permissions aren't accessible.
Requires `appId` and `privateKey`.

`installation` auth

This type is used to authorize requests for a specific org/repo application installation. Requires `installationId`, which can be resolved using `app` auth. If the app is expected to have only one installation, then it can be configured through the environment. Otherwise, use `github.getInstance` and pass the instance further.
Requires `appId`, `privateKey` and `installationId`.

`token` auth

Simplest of all: requires only `token`, works for personal tokens or OAuth tokens.

Environment variable | Option for getInstance() | Description | Required? | Default value |
---|---|---|---|---|
GITHUB_AUTH_TYPE | authType | app, token, installation | no | token |
GITHUB_APP_ID | appId | GitHub app ID | yes, if authType is app or installation | - |
GITHUB_PRIVATE_KEY or GITHUB_PRIVATE_KEY_BASE64 | privateKey | GitHub app private key. Use GITHUB_PRIVATE_KEY_BASE64 to circumvent newline issues | yes, if authType is app or installation | - |
GITHUB_TOKEN | authToken | GitHub auth token. Can be personal, oauth, etc. | yes, if authType is token | - |
GITHUB_INSTALLATION_ID | installationId | GitHub app installation id | if authType is installation | - |
GITHUB_BASE_URL | baseUrl | API endpoint URL | no | https://api.github.com |
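
A pre-flight check for the variables in the table above, as an added example that is not the package's own code: the hypothetical `resolveGithubOptions` applies the table's defaults and per-`authType` requirements, and rejects a private key whose newlines were lost. Treating both key variables being set as an error is this example's assumption; the page does not say how the package handles that case.

```javascript
// Added example: resolveGithubOptions is a hypothetical helper, not the package's code.
const REQUIRED = {
  token: ["authToken"],
  app: ["appId", "privateKey"],
  installation: ["appId", "privateKey", "installationId"],
};

function readPrivateKey(env) {
  const plain = env.GITHUB_PRIVATE_KEY;
  const b64 = env.GITHUB_PRIVATE_KEY_BASE64;
  // Assumption of this example: two key sources at once is a misconfiguration.
  if (plain && b64) throw new Error("Set only one of GITHUB_PRIVATE_KEY and GITHUB_PRIVATE_KEY_BASE64");
  const pem = b64 ? Buffer.from(b64, "base64").toString("utf8") : plain;
  if (!pem) return undefined;
  // A key whose newlines were lost has its BEGIN and END markers on one line.
  const lines = pem.trim().split("\n");
  if (lines.length < 3 || !/^-----BEGIN [A-Z ]*PRIVATE KEY-----$/.test(lines[0].trim())) {
    throw new Error("GitHub private key is not multi-line PEM"); // never echo the key itself
  }
  return pem;
}

function resolveGithubOptions(env) {
  const authType = env.GITHUB_AUTH_TYPE || "token"; // default from the table
  if (!Object.keys(REQUIRED).includes(authType)) {
    throw new Error(`Unsupported GITHUB_AUTH_TYPE: ${authType}`);
  }
  const opts = {
    authType,
    appId: env.GITHUB_APP_ID,
    privateKey: authType === "token" ? undefined : readPrivateKey(env),
    authToken: env.GITHUB_TOKEN,
    installationId: env.GITHUB_INSTALLATION_ID,
    baseUrl: env.GITHUB_BASE_URL || "https://api.github.com",
  };
  // Report missing option names only, never their values.
  const missing = REQUIRED[authType].filter((name) => !opts[name]);
  if (missing.length > 0) throw new Error(`authType "${authType}" is missing: ${missing.join(", ")}`);
  return opts;
}

// Constructed sample input: the key body is a placeholder, not a real key.
const SAMPLE_PEM = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n";
const SAMPLE_ENV = {
  GITHUB_AUTH_TYPE: "installation",
  GITHUB_APP_ID: "12345",
  GITHUB_INSTALLATION_ID: "67890",
  GITHUB_PRIVATE_KEY_BASE64: Buffer.from(SAMPLE_PEM).toString("base64"),
};
```

Running the check at process start, before any instance is created, turns a malformed key or a missing variable into a startup failure instead of a failed API call later.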
FAQs
Parity EngAutomation reusable third party integrations
The npm package @eng-automation/integrations receives a total of 9 weekly downloads. As such, @eng-automation/integrations popularity was classified as not popular.
We found that @eng-automation/integrations demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.