@hashicorp/api-double
api-double serving via HTTP or other means
See https://github.com/hashicorp/consul-api-double/ for an example of an api-double.
'Templates' use simple native JavaScript template literals for very basic looping and basic logic for providing fake data.
api-double --dir path/to/templates
# Flags
--dir : set the path to template files (default ./)
--seed : set the seed for faker to use
--port : set the port to serve from (default: 3000)
# ENV vars
HC_API_DOUBLE_PORT : default port to use
HC_API_DOUBLE_DIR : default path to use
HC_API_DOUBLE_SEED: default seed to use
TODO
To provide a double for /v1/health/service/:name, create a /v1/health/service/_ template file. This will be used for /v1/health/service/*. Within the template the * will be in location.segment(3).
Further configuration will be provided by a /v1/health/service/.config file or similar as and when needed.
Right now very subject to change. But the idea is to keep them as minimal as possible and just rely on faker, plus helpers to get things you need for doing stuff like this (easy way to loop, access to url params and headers).
HTTP data is accessible via the http object using the following properties:
http.method
http.headers.*
http.body.*
http.cookies.*
Gets the 'environment' value specified by key; if it doesn't exist, the default value is used. 'environment' variables come from cookies by default, which can be easily set using the browser's Web Inspector.
Simple range function for creating loops
[
${
range(100000).map(
item => {
return `"service-${item}"`;
}
);
}
]
// yields
[
"service-1",
...,
"service-100000"
]
Object containing access to various faker functions
[
${
range(100000).map(
item => {
return `"${fake.address.countryCode().toLowerCase()}-${item}"`;
}
);
}
]
// yields
[
"it-1",
...,
"de-100000"
]
Reference to the current url
// /v1/catalog/datacenters
[
"${location.pathname}"
]
// yields
[
"/v1/catalog/datacenters"
]
This gives you a place to access query parameters: location.search.queryParamName
Reference a 'segment' in the current url
// /v1/catalog/datacenters
[
"${location.pathname.get(1)}"
]
// yields
[
"catalog"
]
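How the helpers above fit together when a template is rendered, as an added example that is not api-double's own code. render(), makeContext(), json() and the NODE_COUNT cookie are assumed names; the sketch shows that a template is evaluated as code and that request-derived values should be JSON-encoded before they are interpolated.

```javascript
// Added sketch, NOT api-double's implementation: render(), makeContext(),
// json() and the NODE_COUNT key are hypothetical names used for illustration.
const range = (n) => Array.from({ length: n }, (_, i) => i + 1);

function makeContext(req) {
  const url = new URL(req.url, 'http://localhost');
  const segments = url.pathname.split('/').filter(Boolean).map(decodeURIComponent);
  const pathname = new String(url.pathname); // String object so it can carry get()
  pathname.get = (i) => segments[i];
  const cookies = req.cookies || {};
  return {
    range,
    http: { method: req.method, headers: req.headers || {}, cookies, body: req.body || {} },
    location: { pathname, search: Object.fromEntries(url.searchParams) },
    // 'environment' values come from cookies, else the caller's default
    env: (key, def) => (Object.prototype.hasOwnProperty.call(cookies, key) ? cookies[key] : def),
    // Assumed helper: JSON-encode request-derived values before interpolating
    json: (v) => JSON.stringify(v),
  };
}

// The template text is compiled as a JavaScript template literal, i.e. it is
// executable code: load templates only from a directory you control.
function render(template, req) {
  const ctx = makeContext(req);
  const fn = new Function(...Object.keys(ctx), 'return `' + template + '`;');
  return fn(...Object.values(ctx));
}

// Constructed template for a wildcard file such as /v1/health/service/_
const serviceTemplate =
  '{"service": ${json(location.pathname.get(3))}, "method": "${http.method}", ' +
  '"nodes": [${range(Number(env("NODE_COUNT", 2))).map(i => `"node-${i}"`)}]}';

// Constructed request: the name segment decodes to  web","x
const sampleRequest = {
  method: 'GET',
  url: '/v1/health/service/web%22%2C%22x?dc=dc1',
  cookies: { NODE_COUNT: '3' },
};

console.log(render(serviceTemplate, sampleRequest));
```

Because the name segment goes through json(), the quote characters in it are escaped and the response still parses as a single JSON object.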
FAQs
The npm package @hashicorp/api-double receives a total of 88 weekly downloads. As such, @hashicorp/api-double popularity was classified as not popular.
We found that @hashicorp/api-double demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 17 open source maintainers collaborating on the project.