Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@f5devcentral/atg-shared-utilities
Advanced tools
This project holds a number of generic utility functions that can be shared across the F5 Automation Toolchain projects.
This project holds a number of generic utility functions that can be shared across the F5 Automation Toolchain projects.
Read through the contributing/README.md for information on how to contribute to this project.
These utilities will assist in IP address calculations
Minimize zeroes in the string representation of an F5 IPv4/6 address
Checks if an address is IPv4
Checks if an address is IPv6
Splits an IPv4 or IPv6 address into an address and port pair
Returns the CIDR for the given netmask. Optionally returns CIDR without a leading '/'
Parses an IP address into its components: IP, route domain, CIRD, netmask, IP with route
These utilities will assist in managing promises within your program.
This function delays t (time in milliseconds). Afterwhich it resolves v (optional).
This function will resolve an array of functions sequentially. Note each function must return a Promise.
This function will resolve an array of functions in parallel. Note each function must return a Promise.
This function will run an array of promises. Then resolve with the result of the first Promise that resolves.
fn - The function to be run. options - An object with .retries and .delay. Both are required. args - An array of arguments passed into fn.
This will run the function fn with the arguments args, up to a number of times equal to options.retries, or until a resolve.
This collection of utils focuses on generic functions useful to arrays.
Takes a variable, converts it to an array (if it is not an array), and returns it. If undefined, it will return []
.
Checks if any member of tArray is present in array.
Checks if any member of target is present in array.
Inserts an item after another item in an array or at the beginning of the array.
Inserts an item before another item in an array or at the beginning of the array.
Inserts an item after another item in an array or at the end of the array.
Inserts an item before another item in an array or at the end of the array.
This collection of utils is for sending http requests.
Send an http/https request using the options and body. This is a wrapper around node's http/https request functionality.
These BIG-IP only functions will use a BIG-IP's radius server to encrypt and decrypt JSON strings for you.
This function will take in a string and return an encrypted array from that string.
This function will take in an encrypted string and return an unencrypted string.
This lib contains classes and functions that facilitate performance tracing, with current implementation using Jaeger
, which follows OpenTelemetry (see https://opentelemetry.io/docs/concepts/data-sources/ for basics)
Performance tracing is not intended for production use. But since tracing is integrated with the rest of the production code, a Tracer
has to exist, and will then act as no-op if it's not enabled upon instantiation (default).
The jaeger-client
is listed as an optional dependency and will only be loaded/required at tracer initialization and only if tracing is enabled. This is so that we don't include the modules when creating a production build.
It is recommended that projects use a separate script for creating a trace-enabled build. For example, a production build might be created using npm run build
which uses npm ci --only=production --no-optional
, while a perf build might be created using npm run buildperf
which uses npm ci --only=production
, which then allows the optional depenedencies to be included.
Jaeger throws an error for older node versions (specifically with dependency thriftrw -> error
) wherein a read-only name property is being modified. Consequently we had to modify package-lock.json and pin it to 7.2.1., otherwise, thriftw
uses its own subdirectory of node_modules with the older error version of 7.0.2.
There are two ways to enable a tracer upon instantiation:
Example variables:
export F5_PERF_TRACING_ENDPOINT=http://{jaegerHost}:{jaegerPort}/api/traces
export F5_PERF_TRACING_DEBUG=true
export F5_PERF_TRACING_ENABLED=true
Spans
/shared/myProject/myResource/{myResourceId}
which allows POST to create a new resource
Using tracer.startHttpSpan()
at the beginning of the endpoint handler when request is received will create:
/shared/myProject/myResource/{myResourceId}
.The {myResourceId}
here is literal - we don't want spans for each resourceId.http.url:shared/myProject/myResource/resourceId123
, http.method:POST
)Using tracer.startChildSpan()
in subsequent operations, (e.g. inside validateResource()
then again in createNewResource()
) and passing the previous http span as the parent arg will create those child spans with their own start and end time, tags and events. This allows for further drill down and inspection.
Tracer.close()
tracer.close()
when tracer is no longer needed to flush out any pending operations and avoid memory leaks.Copyright 2014-2023 F5 Networks Inc.
[0.10.1] - 2023-08-15
FAQs
This project holds a number of generic utility functions that can be shared across the F5 Automation Toolchain projects.
The npm package @f5devcentral/atg-shared-utilities receives a total of 2,987 weekly downloads. As such, @f5devcentral/atg-shared-utilities popularity was classified as popular.
We found that @f5devcentral/atg-shared-utilities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.