Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@kfpersona/persona
Advanced tools
A user profile & identity management microservice.
Persona's main export is an express router, to be included in a parent application. an example instantiation is included in examples/app.ts
, which is hooked up to the npm start
script mentioned in the dev section below.
npm i --save @kfpersona/persona
.env.schema
import * as express from 'express';
import * as cors from 'cors';
import createServer from '@kfpersona/persona';
const start = async () => {
const port = 3232;
const app = express();
app.use(cors());
app.use(
await createServer({
ego: {
required: false,
accessRules: [
{
type: 'deny',
route: ['/', '/(.*)'],
role: ['admin', 'user'],
},
],
},
schemas: {
User: {
fields: {
email: 'String',
interests: ['String'],
},
collection: 'users',
},
},
tags: {
User: ['interests'],
},
}),
);
app.listen(port, () => console.log(`Listening on port: ${port}`))
};
start();
persona supports vault integration by default. the USE_VAULT
environment variable will determine whether or not persona should try to use vault to connect to mongo, or if it should use explicitly provided connection credentials.
depending on your usage the mongo instance backing persona may need migrations. persona provides migration support in the form of the persona-scripts
.
persona migrations require the global installation of the migrate-mongo
package, npm i -g migrate-mongo
. for more information visit https://www.npmjs.com/package/migrate-mongo.
after installing persona, run persona-scripts migrate --args "<<migrate-mongo commands>>"
from your project root to perform migration tasks. migrate-mongo
commands include status
, up
, down
, and create <<migration name>>
persona-scripts migrate
will create a migrations/migrations
directory structure in the root directory of your project.
see .env.schema
for details on environment variables
$ npm i
$ mongod
npm start
http://localhost:3232/graphql
To get a local instance of persona running you can use the docker compose file. This will start mongo and persona in docker.
$ docker-compose up --build
If you need a different port you can use the API_HOST_PORT
env variable
$ API_HOST_PORT=3232 docker-compose up --build
FAQs
🚧 user profile and identity management
The npm package @kfpersona/persona receives a total of 7 weekly downloads. As such, @kfpersona/persona popularity was classified as not popular.
We found that @kfpersona/persona demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.