@govuk-pay/pay-js-commons
Advanced tools
Reusable js scripts for GOV.UK Pay Node.js projects
This is a collection of client side scripts we use throughout GOV.UK
Pay in the browser. We call it browsered because they are written in
Node.js and browsered by Browserify to make them safe for all our
browsers. We browserify within the microservice when it’s compiled.
This is a collection of validators that can be applied to inputs that will check the values and display errors using the GOV.UK elements styling.
Validators:
This requires a value from a given input
<form data-validate>
<div class="govuk-form-group">
<label for="name">Your name</label>
<input name="name" data-validate="required" value="" />
</div>
</form>
This requires the value is a valid currency amount i.e. “10” or ”9.99”.
<form data-validate>
<div class="govuk-form-group">
<label for="amount">Amount</label>
<input name="amount" data-validate="required currency" value="" />
</div>
</form>
This requires the value is a valid email address with a TLD on the end (as technically an email doesn’t need one).
<form data-validate>
<div class="govuk-form-group">
<label for="email">Your email address</label>
<input name="email" data-validate="email" value="" />
</div>
</form>
This requires the value is a 11 digit phone number, it isn’t concerned
with spacing, so 077 777 777 77 and 07777777777 are both valid.
<form data-validate>
<div class="govuk-form-group">
<label for="phone">Phone number</label>
<input name="phone" data-validate="phone" value="" />
</div>
</form>
This requires a link to begin with https://
<form data-validate>
<div class="govuk-form-group">
<label for="url">Return URL</label>
<input name="url" data-validate="https" value="" />
</div>
</form>
This requires the value is less than £100,000 as that has been deemed sensible…
<form data-validate>
<div class="govuk-form-group">
<label for="price">Amount</label>
<input name="price" data-validate="belowMaxAmount" value="" />
</div>
</form>
This requires a password be at least 10 chars
<form data-validate>
<div class="govuk-form-group">
<label for="password">Password</label>
<input name="password" data-validate="passwordLessThanTenChars" value="" />
</div>
</form>
This requires a value be less than a certain number of characters. This limit
is set within a data-attribute
<form data-validate>
<div class="govuk-form-group">
<label for="title">Title</label>
<input name="title" data-validate="isFieldGreaterThanMaxLengthChars" data-validate-max-length="255" value="" />
</div>
</form>
This checks whether a field contains characters than would cause NAXSI to get upset,
meaning characters that look like code injection
i.e. < > ; : ` ( ) " \' = | , ~ [ ]
<form data-validate>
<div class="govuk-form-group">
<label for="title">Title</label>
<input name="title" data-validate="isNaxsiSafe" value="" />
</div>
</form>
These are small functions that power the nunjucks filters but can also be used for server side stuff too.
These get loaded in to the Nunjucks environment and then can apply changes to variables in templates.
For example if a country comes in as ISO code EN it can be converted to it’s name like so
<p>{{ countryCode | countryISOtoName }}</p>
Or a pence value can be converted to GBP
<dl>
<dt>Amount:</dt>
<dd>{{ amount | penceToPounds }}</dd>
</dl>
Used in our Node.js apps to call APIs such as connector or ledger.
Uses the NPM Axios library.
The base client provides the following configuration options:
boolean
true and all status codes are considered a successful request. You code will then need to handle the response appropriately. Currently, only pay-frontend requires this to be set to true.If a GET request provides a response with the error message ECONNRESET - the the Axios base client will automatically try that request another 2 times - 3 times in total.
By default, on each failed request, it will call the onFailureResponse callback.
If acceptAllStatusCodes=true, then it will call the onSuccessResponse callback.
After a pull request is merged, Concourse will automatically create a new release pull request that increments the package version.
This pull request must be reviewed and merged by a developer.
Once the release pull request is merged, GitHub Actions will publish the new versioned package to NPM.
IMPORTANT: Other pull requests will be blocked from merging until the release pull request is merged or closed.
GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our vulnerability disclosure policy and our security.txt file for details.
FAQs
Reusable js scripts for GOV.UK Pay Node.js projects
The npm package @govuk-pay/pay-js-commons receives a total of 234 weekly downloads. As such, @govuk-pay/pay-js-commons popularity was classified as not popular.
We found that @govuk-pay/pay-js-commons demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.