@golevelup/nestjs-webhooks
Make it easier to build NestJS applications that consume webhooks from third party services
npm install --save @golevelup/nestjs-webhooks
or
yarn add @golevelup/nestjs-webhooks
Many third-party webhook providers require that the raw body be available on the request so that it can be validated. However, a NestJS app in its default state automatically includes JSON parsing middleware, which will modify the req.body property.
The most basic use case is keeping JSON parsing on all routes except for the ones you specifically want to exclude such that the request body property remains unchanged.
In your bootstrap function (normally in main.ts), disable body parsing. Don't worry! We'll bring it back to the other routes later.
const app = await NestFactory.create(AppModule, {
  bodyParser: false,
});
If your AppModule doesn't already, implement the NestModule interface from @nestjs/common. This will allow you to apply middleware to specific routes.
We provide a utility function to simplify configuration using the already imported middlewares. It automatically configures your app to apply raw body parsing to the routes you specify and JSON body parsing to all other routes, excluding the raw routes.
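import { MiddlewareConsumer, NestModule, RequestMethod } from '@nestjs/common';
import { applyRawBodyOnlyTo } from '@golevelup/nestjs-webhooks';

class AppModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    // Raw body parsing for the 'webhook' route, JSON parsing everywhere else
    applyRawBodyOnlyTo(consumer, {
      method: RequestMethod.ALL,
      path: 'webhook',
    });
  }
}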
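Why the raw body matters for validation, as an added example that is not part of this package or its README: a provider's signature covers the exact bytes it sent, so a body that has been parsed and re-serialized no longer verifies. The HMAC-SHA256 hex scheme, the secret, the payload and the function names below are assumptions made for illustration; check your provider's documentation for its actual scheme.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Sign bytes the way a hypothetical provider would (assumed scheme: HMAC-SHA256, hex).
function sign(bodyBytes, secret) {
  return createHmac('sha256', secret).update(bodyBytes).digest('hex');
}

// Verify a hex signature against the raw request bytes in constant time.
// Returns false instead of throwing for malformed or wrong-length input.
function verifySignature(rawBody, signatureHex, secret) {
  if (!Buffer.isBuffer(rawBody) || typeof signatureHex !== 'string') return false;
  if (!/^[0-9a-f]{64}$/i.test(signatureHex)) return false;
  const expected = createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHex, 'hex');
  return timingSafeEqual(expected, received);
}

// Constructed sample data: note the spacing and the "100.0" literal.
const SECRET = 'whsec_constructed_example';
const rawBody = Buffer.from('{"id": "evt_1",  "amount": 100.0}', 'utf8');
const signature = sign(rawBody, SECRET);

// What a handler can rebuild once JSON middleware has replaced req.body.
const parsed = JSON.parse(rawBody.toString('utf8'));
const reserialized = Buffer.from(JSON.stringify(parsed), 'utf8');

function demo() {
  return {
    raw: verifySignature(rawBody, signature, SECRET),
    reserialized: verifySignature(reserialized, signature, SECRET),
    parsedObject: verifySignature(parsed, signature, SECRET),
    truncatedSignature: verifySignature(rawBody, signature.slice(0, 10), SECRET),
  };
}

console.log(demo());
```

Only the untouched bytes verify; the re-serialized body carries the same data but different bytes, which is why the webhook route has to be excluded from JSON parsing.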
Contributions welcome! Read the contribution guidelines first.
FAQs
Badass utilities for integrating webhooks and NestJS
We found that @golevelup/nestjs-webhooks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.