Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@invertase/firestore-stripe-payments
Advanced tools
Client SDK for the firestore-stripe-payments Firebase Extension
This package helps you integrate your web app client with the
firestore-stripe-payments
extension. It abstracts out all the typical Firestore queries, and
other database interactions necessary to use the extension. Moreover, it provides type
definitions for all the common object types that are used by the extension when processing
payments.
Start by initializing the Firebase web SDK as usual.
Then, initialize this library by passing in an App
instance obtained from the Firebase
web SDK, and configure the library to use the same Firestore collections you configured
the extension to use.
import { getApp } from "@firebase/app";
import { getStripePayments } from "@stripe/firestore-stripe-payments";
const app = getApp();
const payments = getStripePayments(app, {
productsCollection: "products",
customersCollection: "customers",
});
To fetch all the active products along with their prices, call the
getProducts()
function as follows:
import { getProducts } from "@stripe/firestore-stripe-payments";
const products = await getProducts(payments, {
includePrices: true,
activeOnly: true,
});
for (const product of products) {
// ...
}
Note that for N
products, this results in (1 + N)
Firestore queries. Fetching
the products without the prices only requires 1 Firestore query.
You can also specify filters and limits on the product query as follows:
import { getProducts } from "@stripe/firestore-stripe-payments";
const products = await getProducts(payments, {
includePrices: true,
activeOnly: true,
where: [
["metadata.type", "==", "books"],
["metadata.rating", ">=", 4],
],
limit: 10,
});
for (const product of products) {
// ...
}
import { createCheckoutSession } from "@stripe/firestore-stripe-payments";
const session = await createCheckoutSession(payments, {
price: myPriceId,
});
window.location.assign(session.url);
Calling createCheckoutSession()
as shown above will use the current page
(window.location.href
) as the success and cancel URLs for the session. Instead you
can specify your own URLs as follows:
import { createCheckoutSession } from "@stripe/firestore-stripe-payments";
const session = await createCheckoutSession(payments, {
price: myPriceId,
success_url: "https://example.com/payments/success",
cancel_url: "https://example.com/payments/cancel",
});
window.location.assign(session.url);
To create a checkout session for more than one item, pass line_items
:
import { createCheckoutSession } from "@stripe/firestore-stripe-payments";
const session = await createCheckoutSession(payments, {
line_items: [
{ price: myPriceId1 },
{ price: myPriceId2 },
],
});
window.location.assign(session.url);
Once a subscription checkout session has been created, you can listen to the Stripe subscription update events as follows:
import { onCurrentUserSubscriptionUpdate } from "@stripe/firestore-stripe-payments";
onCurrentUserSubscriptionUpdate(
payments,
(snapshot) => {
for (const change of snapshot.changes) {
if (change.type === "added") {
console.log(`New subscription added with ID: ${change.subscription.id}`);
}
}
}
);
@firebase/firestore
)@firebase/auth
)@firebase/app
)To install the dependencies, run npm install
in the firestore-stripe-web-sdk
directory.
Run npm test
to run all unit and integration tests (usually takes about 15 seconds).
To build a release artifact, run npm run build
followed by npm pack
. The resulting tarball
can be published to NPM with npm publish <tarball>
.
FAQs
Client SDK for the firestore-stripe-payments Firebase Extension
The npm package @invertase/firestore-stripe-payments receives a total of 705 weekly downloads. As such, @invertase/firestore-stripe-payments popularity was classified as not popular.
We found that @invertase/firestore-stripe-payments demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.