
@fastify/flash
The flash is a special area of the session used for storing messages. Messages are written to the flash and cleared after being displayed to the user. The flash is typically used in combination with redirects, ensuring that the message is available to the next page that is to be rendered.
This plugin is inspired by connect-flash.
npm i @fastify/flash
Flash messages are stored in the session. First, we need to register the session plugin: @fastify/secure-session.
const fs = require('node:fs')
const path = require('node:path')
const fastify = require('fastify')()
const fastifySession = require('@fastify/secure-session')
const fastifyFlash = require('@fastify/flash')

fastify.register(fastifySession, {
  // adapt this to point to the directory where secret-key is located
  key: fs.readFileSync(path.join(__dirname, 'secret-key')),
  cookie: {
    // options from setCookie, see https://github.com/fastify/fastify-cookie
  }
})
fastify.register(fastifyFlash)

fastify.get('/test', (req, reply) => {
  // write two messages under the 'warning' type
  req.flash('warning', ['username required', 'password required'])
  // read them back; reading clears them from the flash
  const warning = reply.flash('warning')
  reply.send({ warning }) // {"warning":["username required","password required"]}
})
@fastify/secure-session can be replaced by any session plugin as long as it:
Signature
req.flash(type: string, ...message: string[] | [string[]]): number
It can be called in three different ways:
req.flash('info', 'Welcome back')
req.flash('warning', ['username required', 'password required'])
req.flash('info', 'Hello %s', 'Jared') // will use util.format to format the string
req.flash returns the number of messages stored with the provided type.
Signature
reply.flash(type?: string): { [k: string]: undefined | string[] } | string[]
It can be called in two different ways:
reply.flash() // returns all messages as object { [k: string]: undefined | string[] }
reply.flash('info') // returns an array of messages that are stored with the provided type
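The write-then-clear lifecycle and the three req.flash call forms described above, as an added example that is not the plugin's source: a simplified model over a plain-object session, with HTML encoding applied when messages are rendered. The function names (writeFlash, readFlash, escapeHtml, renderFlash, demo) and the sample input are assumptions made for illustration.

```javascript
const { format } = require('node:util')

// Models req.flash(type, ...message) over a plain-object session (assumption).
function writeFlash (session, type, ...message) {
  if (message.length === 0) throw new Error('no message given') // model's choice
  const items = Array.isArray(message[0])
    ? message[0] // array form
    : [message.length > 1 ? format(...message) : message[0]] // format or single string
  session.flash[type] = (session.flash[type] || []).concat(items)
  return session.flash[type].length // number stored under this type
}

// Models reply.flash(type?): whatever is read is removed from the session.
function readFlash (session, type) {
  if (type === undefined) {
    const all = session.flash
    session.flash = {}
    return all
  }
  const messages = session.flash[type] || []
  delete session.flash[type]
  return messages
}

// util.format does no HTML escaping, so encode when the message is output.
function escapeHtml (s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }
  return String(s).replace(/[&<>"']/g, c => map[c])
}

function renderFlash (session, type) {
  return readFlash(session, type)
    .map(m => `<li class="${escapeHtml(type)}">${escapeHtml(m)}</li>`)
    .join('')
}

// Constructed walk-through: a handler writes, redirects, and the next page renders.
function demo () {
  const session = { flash: {} } // stand-in for one user's session
  const name = '<b>Jared</b>' // constructed user-supplied value
  const count = writeFlash(session, 'info', 'Hello %s', name)
  const firstPage = renderFlash(session, 'info') // page shown after the redirect
  const secondPage = renderFlash(session, 'info') // any later page: already cleared
  return { count, firstPage, secondPage }
}

console.log(demo())
```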
Licensed under MIT.
FAQs
Flash message plugin for fastify.
The npm package @fastify/flash receives a total of 15,101 weekly downloads. As such, @fastify/flash's popularity was classified as popular.
We found that @fastify/flash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 19 open source maintainers collaborating on the project.