Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@mapbox/assert-http
Advanced tools
Changelog
3.0.0
Readme
Test helpers for testing a HTTP interface. This library contains two primary interfaces; a test runner which executes a set of HTTP calls as described by files in a directory, and a extension to the assert module.
With mocha, usage looks like;
describe('api server', function(done) {
fixtures.load('/path/to/tests/').forEach(function(test) {
it(test.name, function(done) {
fixtures.runtest(test, {handlers: handlers, clean: clean}, done);
});
});
});
Syncronous function that loads text fixtures from a directory. Returns an array of test objects.
Runs an individual test. Requires a test object (from assertHTTP.load), options object and callback function. The options object may contain the keys;
handlers
; an object of keys and replacer methods for populating http requests. Handlers are async and have the function signature function(req, value, next)
clean
; an object of keys and replacer methods for sanitizing http response headers and body. Replacer methodes have the signature function(key, value, context)
Call this method to notify assertHTTP to update fixtures as it runs.
Sync version of mkdirp
md5 helper.
A pixel-by-pixel comparison of two image buffers using the node-mapnik Image.compare()
API. The options object may contain the keys:
threshold
; tolerance level of RGB value difference between two pixels. Defaults to 16.diffsize
; a float between 0-1 expressing the max allowed difference between buffer lengths. Defaults to 0.1.diffpx
; a float between 0-1 expressing the max number of pixels allowed to exceed the threshold
option. Defaults to 0.02.If res.clean
is present it is expected to be a method that json.stringify
can use to sanitize the response headers.
FAQs
HTTP test fixture helper
We found that @mapbox/assert-http demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.