@govuk-pay/pay-js-commons
Reusable js scripts for GOV.UK Pay Node.js projects
This is a collection of client side scripts we use throughout GOV.UK Pay in the browser. We call it browsered because they are written in Node.js and browsered by Browserify to make them safe for all our browsers. We browserify within the microservice when it's compiled.
This is a collection of validators that can be applied to inputs. They check the values and display errors using the GOV.UK elements styling. A validator is selected by naming it in the input's data-validate attribute; several can be combined by separating the names with spaces (for example required currency).
Validators:
required: requires a value from the given input.
<form data-validate>
<div class="govuk-form-group">
<label for="name">Your name</label>
<input name="name" data-validate="required" value="" />
</div>
</form>
currency: requires the value to be a valid currency amount, i.e. "10" or "9.99".
<form data-validate>
<div class="govuk-form-group">
<label for="amount">Amount</label>
<input name="amount" data-validate="required currency" value="" />
</div>
</form>
email: requires the value to be a valid email address with a TLD on the end (technically an email address doesn't need one, but we require it).
<form data-validate>
<div class="govuk-form-group">
<label for="email">Your email address</label>
<input name="email" data-validate="email" value="" />
</div>
</form>
phone: requires the value to be an 11 digit phone number. It isn't concerned with spacing, so 077 777 777 77 and 07777777777 are both valid.
<form data-validate>
<div class="govuk-form-group">
<label for="phone">Phone number</label>
<input name="phone" data-validate="phone" value="" />
</div>
</form>
https: requires a link to begin with https://
<form data-validate>
<div class="govuk-form-group">
<label for="url">Return URL</label>
<input name="url" data-validate="https" value="" />
</div>
</form>
belowMaxAmount: requires the value to be less than £100,000, as that has been deemed sensible…
<form data-validate>
<div class="govuk-form-group">
<label for="price">Amount</label>
<input name="price" data-validate="belowMaxAmount" value="" />
</div>
</form>
passwordLessThanTenChars: requires a password to be at least 10 characters long (the validator fails when the password is shorter than ten characters, hence the name).
<form data-validate>
<div class="govuk-form-group">
<label for="password">Password</label>
<input name="password" data-validate="passwordLessThanTenChars" value="" />
</div>
</form>
isFieldGreaterThanMaxLengthChars: requires the value to be no longer than a certain number of characters. The limit is set in the data-validate-max-length attribute.
<form data-validate>
<div class="govuk-form-group">
<label for="title">Title</label>
<input name="title" data-validate="isFieldGreaterThanMaxLengthChars" data-validate-max-length="255" value="" />
</div>
</form>
isNaxsiSafe: checks whether a field contains characters that would cause NAXSI (the web application firewall module for Nginx) to reject the request, meaning characters that look like code injection,
i.e. < > ; : ` ( ) " ' = | , ~ [ ]
This is a usability check so that users get a GOV.UK styled error message instead of a blocked request from the WAF; it is not a substitute for server side validation or for the WAF itself.
<form data-validate>
<div class="govuk-form-group">
<label for="title">Title</label>
<input name="title" data-validate="isNaxsiSafe" value="" />
</div>
</form>
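The validators above are driven entirely by the tokens in data-validate. The following is an added, illustrative implementation of that pattern, not the package's own code: it models each input as a plain object so it runs in Node without a DOM (in the browser the same fields come from input.name, input.value, input.dataset.validate and input.dataset.validateMaxLength). The exact rules, messages, the choice that only required rejects an empty value, and the sample form are assumptions made to match the descriptions on this page.

```javascript
// Added example, not from @govuk-pay/pay-js-commons. Each validator returns null
// when the value passes, or an error message string when it fails.
const MAX_AMOUNT_PENCE = 100000 * 100; // "less than £100,000" (assumed cut-off)
// Characters the page lists as upsetting NAXSI.
const NAXSI_UNSAFE = /[<>;:`()"'=|,~\[\]]/;

const validators = {
  required: (v) => (v.trim() === '' ? 'This field cannot be blank' : null),
  currency: (v) => (/^\d+(\.\d{2})?$/.test(v.trim())
    ? null : 'Enter a valid amount, for example 10 or 9.99'),
  // Requires something after the final dot, i.e. a TLD.
  email: (v) => (/^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/.test(v.trim())
    ? null : 'Enter a valid email address'),
  // Whitespace is ignored before counting digits.
  phone: (v) => (/^\d{11}$/.test(v.replace(/\s+/g, ''))
    ? null : 'Enter an 11 digit phone number'),
  https: (v) => (/^https:\/\//i.test(v.trim()) ? null : 'URL must start with https://'),
  belowMaxAmount: (v) => {
    // Compare as integer pence so floating point rounding cannot let
    // 99999.999 style inputs slip through.
    const m = /^(\d+)(?:\.(\d{2}))?$/.exec(v.trim());
    if (!m) return 'Enter a valid amount';
    const pence = Number(m[1]) * 100 + Number(m[2] || 0);
    return pence < MAX_AMOUNT_PENCE ? null : 'Amount must be under £100,000';
  },
  passwordLessThanTenChars: (v) => (v.length >= 10
    ? null : 'Password must be at least 10 characters'),
  isFieldGreaterThanMaxLengthChars: (v, field) => {
    const max = Number(field.maxLength); // from data-validate-max-length
    return Number.isInteger(max) && v.length > max
      ? `Must be ${max} characters or fewer` : null;
  },
  isNaxsiSafe: (v) => (NAXSI_UNSAFE.test(v)
    ? "Remove the characters < > ; : ` ( ) \" ' = | , ~ [ ]" : null),
};

// A field is { name, value, rules, maxLength? }. Rules are the space separated
// tokens of data-validate; the first failing rule wins. Empty values only fail
// the "required" rule (assumption), so combine it with the others to forbid blanks.
function validateField(field) {
  const rules = field.rules.split(/\s+/).filter(Boolean);
  for (const rule of rules) {
    const fn = validators[rule];
    if (!fn) throw new Error(`Unknown validator: ${rule}`);
    if (rule !== 'required' && field.value.trim() === '') continue;
    const error = fn(field.value, field);
    if (error) return { name: field.name, rule, error };
  }
  return null;
}

function validateForm(fields) {
  return fields.map(validateField).filter(Boolean);
}

// Constructed sample form mirroring the snippets above (not real data).
const sampleForm = [
  { name: 'name', value: '', rules: 'required' },
  { name: 'amount', value: '9.99', rules: 'required currency' },
  { name: 'email', value: 'someone@example', rules: 'email' },
  { name: 'phone', value: '077 777 777 77', rules: 'phone' },
  { name: 'url', value: 'http://example.com/return', rules: 'https' },
  { name: 'price', value: '100000.00', rules: 'belowMaxAmount' },
  { name: 'password', value: 'short', rules: 'passwordLessThanTenChars' },
  { name: 'title', value: 'x'.repeat(256), rules: 'isFieldGreaterThanMaxLengthChars', maxLength: '255' },
  { name: 'desc', value: 'Hello <script>', rules: 'isNaxsiSafe' },
];

for (const failure of validateForm(sampleForm)) {
  console.log(`${failure.name}: ${failure.error} (${failure.rule})`);
}
```

Because the rules run in the browser they can be bypassed by anyone who edits the page or calls the backend directly, so every one of them must be repeated server side; the browser copy exists to give a fast, styled error, not to enforce anything.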
These are small functions that power the Nunjucks filters, but they can also be used server side.
They get loaded into the Nunjucks environment and can then apply changes to variables in templates.
For example, if a country comes in as the ISO code EN, it can be converted to its name like so:
<p>{{ countryCode | countryISOtoName }}</p>
Or a pence value can be converted to GBP:
<dl>
<dt>Amount:</dt>
<dd>{{ amount | penceToPounds }}</dd>
</dl>
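An added example of what such filters look like and how they are attached to a Nunjucks environment; it is illustrative and not the package's own implementation. env.addFilter(name, fn) is the real Nunjucks API, while the country table, the function bodies and the accepted input types are assumptions.

```javascript
// Added example, not from @govuk-pay/pay-js-commons.
// Constructed subset of ISO 3166-1 alpha-2 codes (assumption, not a full table).
const COUNTRY_NAMES = { GB: 'United Kingdom', FR: 'France', DE: 'Germany', IE: 'Ireland' };

// Convert an ISO code to a display name. Unknown codes fall back to the code
// itself so a template never renders "undefined" for a country it doesn't know.
function countryISOtoName(code) {
  if (typeof code !== 'string') return '';
  return COUNTRY_NAMES[code.trim().toUpperCase()] || code;
}

// Format an integer number of pence as pounds, e.g. 123456789 -> "£1,234,567.89".
// Amounts are kept as integers throughout: no division that could produce
// 10.049999 for 1005, and a non-integer input is an error rather than a guess.
function penceToPounds(pence) {
  const n = typeof pence === 'string' && /^-?\d+$/.test(pence.trim())
    ? Number(pence) : pence;
  if (!Number.isInteger(n)) {
    throw new TypeError(`penceToPounds expects an integer number of pence, got ${pence}`);
  }
  const sign = n < 0 ? '-' : '';
  const abs = Math.abs(n);
  const pounds = String((abs - (abs % 100)) / 100).replace(/\B(?=(\d{3})+(?!\d))/g, ',');
  const pennies = String(abs % 100).padStart(2, '0');
  return `${sign}£${pounds}.${pennies}`;
}

// Register the filters on a Nunjucks Environment so templates can write
// {{ amount | penceToPounds }} and {{ countryCode | countryISOtoName }}.
function registerFilters(env) {
  env.addFilter('countryISOtoName', countryISOtoName);
  env.addFilter('penceToPounds', penceToPounds);
  return env;
}

console.log(penceToPounds(1005), countryISOtoName('gb'));
```

Note that the filters are also plain functions, so the same penceToPounds can format an amount for an API response or a log line without going through a template.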
Used in our Node.js apps to call APIs such as connector or ledger.
Uses the NPM Axios library.
The base client provides the following configuration options:
acceptAllStatusCodes (boolean): when true, all status codes are considered a successful request, and your code will then need to handle the response appropriately. Currently, only pay-frontend requires this to be set to true.
If a GET request fails with the error ECONNRESET, the Axios base client will automatically retry that request another 2 times, i.e. 3 attempts in total.
By default, on each failed request it will call the onFailureResponse callback. If acceptAllStatusCodes=true, it will call the onSuccessResponse callback instead.
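The retry and callback behaviour described above, as an added example rather than the package's own client: the request function takes an injected transport instead of axios so it runs offline, and the flaky transport is constructed for the demonstration. Option names follow the description on this page; the transport and response shapes, the callback arguments, and the decision to call onFailureResponse once after the final attempt are assumptions.

```javascript
// Added example, not from @govuk-pay/pay-js-commons.
const MAX_ATTEMPTS = 3; // page: retried another 2 times, 3 in total

function isConnReset(err) {
  return Boolean(err) && (err.code === 'ECONNRESET' || /ECONNRESET/.test(err.message || ''));
}

// transport({ method, url }) resolves to { status, data } or rejects with a
// Node style error (err.code). Only GET is retried: a GET is idempotent, while
// retrying a POST such as "create a charge" could create it twice.
async function request(transport, opts) {
  const {
    method = 'GET', url, acceptAllStatusCodes = false,
    onSuccessResponse = () => {}, onFailureResponse = () => {},
  } = opts;
  const maxAttempts = method.toUpperCase() === 'GET' ? MAX_ATTEMPTS : 1;
  let attempt = 0;
  for (;;) {
    attempt += 1;
    let res;
    try {
      res = await transport({ method, url });
    } catch (err) {
      if (isConnReset(err) && attempt < maxAttempts) continue; // retry
      onFailureResponse(err, { attempt });
      throw err;
    }
    const ok = acceptAllStatusCodes || (res.status >= 200 && res.status < 300);
    if (ok) {
      onSuccessResponse(res, { attempt });
      return res;
    }
    const err = new Error(`Request failed with status ${res.status}`);
    err.response = res;
    onFailureResponse(err, { attempt });
    throw err;
  }
}

// Constructed transport: throws ECONNRESET a given number of times, then
// answers with finalStatus. fn.calls() reports how many attempts were made.
function flakyTransport(resetsBeforeSuccess, finalStatus = 200) {
  let calls = 0;
  const fn = async () => {
    calls += 1;
    if (calls <= resetsBeforeSuccess) {
      const e = new Error('socket hang up');
      e.code = 'ECONNRESET';
      throw e;
    }
    return { status: finalStatus, data: { calls } };
  };
  fn.calls = () => calls;
  return fn;
}

// Two resets followed by success: the GET is retried and succeeds on attempt 3.
request(flakyTransport(2), { url: '/v1/api/accounts/1' })
  .then((res) => console.log('GET succeeded after', res.data.calls, 'attempts'));
```

When enabling acceptAllStatusCodes, remember that a 4xx or 5xx now arrives through onSuccessResponse and the returned promise resolves, so the caller must inspect res.status itself; a client that forgets will treat a 401 from the API as a good answer.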
After a pull request is merged, Concourse will automatically create a new release pull request that increments the package version.
This pull request must be reviewed and merged by a developer.
Once the release pull request is merged, GitHub Actions will publish the new versioned package to NPM.
IMPORTANT: Other pull requests will be blocked from merging until the release pull request is merged or closed.
GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our vulnerability disclosure policy and our security.txt file for details.
FAQs
The npm package @govuk-pay/pay-js-commons receives a total of 211 weekly downloads. As such, @govuk-pay/pay-js-commons popularity was classified as not popular.
We found that @govuk-pay/pay-js-commons demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.