@mashroom/mashroom-helmet - npm Package Versions

2.4.4 (September 8, 2023)

  • MongoDB Storage Provider: Fixed the readiness probe, which didn't work properly under some circumstances
  • MongoDB Session Provider: Fixed the readiness probe, which didn't work properly under some circumstances
  • HTTP Proxy: Pass the x-forwarded-* headers to backends by default to allow them to get the actual client IP
  • HTTP Proxy: Header filtering now applies the forwardHeaders patterns to the full header (instead of accepting headers that just contain a part of the pattern, e.g. x-my-own-content-type was accepted because of content-type)
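
The 2.4.4 header-filtering fix above, sketched as an added example (not code from Mashroom): it assumes forwardHeaders entries are regular-expression patterns, and the pattern list, function names and sample headers are constructed for illustration.

```javascript
// Added illustration, not Mashroom source. Assumes forwardHeaders entries are
// regex patterns; function names and sample data are hypothetical/constructed.
const forwardHeaders = ['accept', 'accept-.*', 'content-type', 'x-forwarded-.*'];

// Behaviour described as fixed: a pattern matching any part of the name is enough.
function filterPartialMatch(headers, patterns) {
  const regexes = patterns.map((p) => new RegExp(p, 'i'));
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => regexes.some((r) => r.test(name)))
  );
}

// Behaviour described for 2.4.4: the pattern must match the full header name.
function filterFullMatch(headers, patterns) {
  const regexes = patterns.map((p) => new RegExp(`^(?:${p})$`, 'i'));
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => regexes.some((r) => r.test(name)))
  );
}

// Header names that only the partial match lets through to the backend.
function forwardedOnlyByPartialMatch(headers, patterns) {
  const strict = filterFullMatch(headers, patterns);
  return Object.keys(filterPartialMatch(headers, patterns)).filter((n) => !(n in strict));
}

// Constructed sample request headers.
const incoming = {
  'content-type': 'application/json',
  'accept-language': 'en',
  'x-my-own-content-type': 'internal-value', // contains "content-type"
  'x-forwarded-for': '203.0.113.7',
  'not-accepted': '1',                       // contains "accept"
  cookie: 'sid=constructed',
};

console.log('partial match forwards:', Object.keys(filterPartialMatch(incoming, forwardHeaders)));
console.log('full match forwards:   ', Object.keys(filterFullMatch(incoming, forwardHeaders)));
console.log('difference:            ', forwardedOnlyByPartialMatch(incoming, forwardHeaders));
```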

jkofler published 2.4.3

2.4.3 (July 27, 2023)

  • Portal: The time until session expiration is now calculated on the server-side. This fixes problems with premature logouts due to an invalid system time on the client. See #114
  • Portal: portalAppService.checkLoadedPortalAppsUpdated() now checks if the server version is actually different instead of just comparing the reload timestamps
  • Portal: Further improved the detection of which App caused a browser error (for unhandled promise rejections)

jkofler published 2.4.2

2.4.2 (June 21, 2023)

  • HTTP Proxy: Provides now also metrics for total requests, errors and timeouts per target host
  • HTTP Proxy: Fixed poolMaxWaitingRequestsPerHost handling if an HTTP interceptor rewrites the target URL

jkofler published 2.4.1

2.4.1 (June 14, 2023)

  • Admin UI: The auto refresh of Admin UI pages is now disabled by default; can be enabled via link in the top right corner
  • Kubernetes Remote App Registry: If the service port changes, the service URL from which the config is obtained should change as well
  • MongoDB Storage Provider: Fixed a potential problem in the health probe which could lead to the situation that the server never reaches ready state
  • External Redis Messaging Provider: Fixed a bug in the health probe which could lead to the situation that the server never reaches ready state
  • Rest Proxy Demo App: Replaced legacy spacexdata.com API

jkofler published 2.4.0

2.4.0 (June 9, 2023)

  • Core: Ignore dot folders during initial plugin scan
  • Added an external messaging provider plugin that uses Redis PubSub (plugin name: mashroom-messaging-external-provider-redis). This makes it possible to use Redis for messaging between Mashroom clusters (client-side and server-side) and for communication with 3rd party systems. See #35
  • Remote Messaging Demo App: Also subscribe to topic global-notifications that allows it to broadcast a message to all users
  • Helmet Middleware: Fixed default order to avoid ERR_HTTP_HEADERS_SENT errors
  • Core: Added Support for Node.js 20
  • Core: BREAKING CHANGE Dropped support for Node.js 14 which reached EOL
  • Core: BREAKING CHANGE Renamed the server config property devModePreferredBuildTool to devModeDisableNxSupport which makes more sense, because that was the idea behind the property
  • HTTP Proxy: Added new metrics for WebSocket connections:
    • mashroom_http_proxy_ws_connections_active_total
    • mashroom_http_proxy_ws_connections_active
  • HTTP Proxy: Added the possibility to limit WebSocket connections through the proxy. New config properties:
    • wsMaxConnectionsTotal (setting this to 0 disables proxying WS connections)
    • wsMaxConnectionsPerHost
  • HTTP Proxy: BREAKING_CHANGE Renamed pool metrics
    • mashroom_http_proxy_active_connections_total -> mashroom_http_proxy_http_pool_connections_active_total
    • mashroom_http_proxy_idle_connections_total -> mashroom_http_proxy_http_pool_connections_idle_total
    • mashroom_http_proxy_waiting_requests_total -> mashroom_http_proxy_http_pool_waiting_requests
    • mashroom_https_proxy_active_connections_total -> mashroom_http_proxy_https_pool_connections_active_total
    • mashroom_https_proxy_idle_connections_total -> mashroom_http_proxy_https_pool_connections_idle_total
    • mashroom_https_proxy_waiting_requests_total -> mashroom_http_proxy_https_pool_waiting_requests_total
  • HTTP Proxy: Added additional config properties to fine tune the HTTP connection pool:
    • poolMaxTotalSockets
    • poolMaxSocketsPerHost (should be used instead of poolMaxSockets which is now deprecated)
    • poolMaxWaitingRequestsPerHost - limit the number of waiting requests if all connections for a host are already occupied. Helps to avoid the problem that a single unresponsive API/backend can fill up the reverse proxy connection pools and might render the whole server unreachable - see #112
  • Add User Headers plugin: Remove all characters not allowed in HTTP headers from the display name
  • HTTP Proxy: Added 4 new metrics for active and waiting requests per target URL, see #111
    • mashroom_http_proxy_http_pool_connections_active
    • mashroom_http_proxy_http_pool_waiting_requests
    • mashroom_http_proxy_https_pool_connections_active
    • mashroom_http_proxy_https_pool_waiting_requests
  • Metrics Collector: Added the possibility to reset Gauges; this is useful if some labels dynamically "disappear" and need to be removed

jkofler published 2.3.2

2.3.2 (April 14, 2023)

  • Core: Added the possibility to set the preferred build tool in the server config (devModePreferredBuildTool). This can be used to enforce npm if you experience troubles with nx.
  • Core: Never run npm install in dev mode if a given package is not a root module and part of a mono-repo. Because in that case running npm install might break the lock file; and it is also not possible to detect if running it is necessary, because there could simply be no node_modules folder because of hoisting.

jkofler published 2.3.1

2.3.1 (April 3, 2023)

  • Portal: Added a config property versionHashSalt that allows it to generate different resource version hashes per server instance. Can be used to make sure future hashes cannot be predicted or if you want to switch between different server versions on the same domain without polluting the reverse proxy cache.
  • Portal: Added the property adminApp to the page render model, so the Admin panel can be removed if no Admin App has been set. Fixes the problem that an empty black panel remained at the top in this case.
  • Portal: The client side log now determines correctly which App caused an error, even within Composite Apps

jkofler published 2.3.0

2.3.0 (February 10, 2023)

  • Portal: Made sure that the session is not touched for resource requests (images, JS, CSS) and the set-cookie header not set. Otherwise, the resources will not be cached by proxy servers.
  • Kubernetes Remote App Registry: If the service port changes the App definition gets reloaded with the next scan
  • Portal: Hot reload of Apps works now on all sites and when mashroom-vhost-path-mapper is being used
  • Kubernetes Remote App Registry: Added a config property unregisterAppsAfterScanErrors to control if Apps should be unregistered if a service cannot be reached anymore
  • Remote App Registry: Added a config property unregisterAppsAfterScanErrors to control if Apps should be unregistered if an endpoint cannot be reached anymore. This fixes the problem that Apps got unregistered if the endpoint was down during the refresh. Default is -1 which means Apps are never unregistered automatically. A value of 3 would mean that Apps would be unregistered after 3 retries or 3 minutes if the scan interval is 1 minute.
  • Remote App Registry: Unregister Apps properly if they disappear from an endpoint with multiple Apps
  • Admin Toolbar: If a page gets deleted all subpages are moved up the parent level (until now they just disappeared)
  • Admin Toolbar: No longer allows removing the last Site
  • Portal: Made sure that all related resources are removed from the storage if a Site or Page is deleted (Permissions, App Instances, ...)
  • Portal: Added a method checkLoadedPortalAppsUpdated() to the portalAppService which allows it to check if the Portal Apps loaded in the Browser have been redeployed. This could be used in a (long-running) dynamic cockpit to inform the user that some Apps might not work as expected anymore and a reload of the page would be recommended.
  • Sandbox Apps: Shows now the number of loaded resources, the resources size and (if available) the memory usage of the page
  • Portal: The App Info shows now also the number of the loaded resources for an App and the decoded size of those resources
  • Core: Uses nx for building in dev mode if it is available. This should lead to a much faster startup in dev mode, especially if the distributed cloud cache is used.
  • Core: Improved support for ts-node. If Mashroom runs with ts-node all config files can be written in TypeScript. This includes plugin config files. Example server config file mashroom.ts:
  import type {MashroomServerConfig} from '@mashroom/mashroom-json-schemas/type-definitions';
  const serverConfig: MashroomServerConfig = {
      name: 'Mashroom Test Server 7',
      port: 5050,
      // ...
  };
  export default serverConfig;
  • Portal: Disabled caching of Portal App chunks (from code splitting) that do not include a content hash in the file name. Because in that case the Browser would cache the chunk forever even if the content changes. If you use webpack you can add the content hash like this to chunk names:
     output: {
         // ...
         chunkFilename: 'my-app.[contenthash].js',
     }
    
  • Portal: Added support for ES6 modules in Apps. It will automatically be turned on if the bootstrap file name ends with .mjs. Check out the example here: https://github.com/nonblocking/mashroom-plugin-demos/tree/master/packages/mashroom-demo-plain-es6-portal-app That is just a neat tech demo; in the real world you should always use a bundler, because loading dozens of uncompressed small files is very inefficient, and it is also not possible to load libraries from node_modules.
  • Portal: Added support for code-splitting in shared libraries. The only precondition is that the name of the chunks needs to be <shared_lib_base_name>.<chunk_name>.js; you would configure that in webpack like this:
      output: {
        path: __dirname + '/dist',
        filename: 'my_shared_library.js',
        chunkFilename: 'my_shared_library.[contenthash].js'
      }
    
  • Core: Fixed the type of pluginContext.services.<service_ns>: it can now be undefined because the plugin might not be loaded. This can be a BREAKING CHANGE, and you have the following options to fix TypeScript errors:
     // If the service is added as "required" in the plugin definition
     const requiredService: MashroomSecurityService = pluginContext.services.security!.service;
     // Otherwise
     const optionalService: MashroomSecurityService | undefined = pluginContext.services.security?.service;
    
     // Alternatively extend MashroomServicePluginNamespaces in a type declaration file
     declare module '@mashroom/mashroom/type-definitions' {
         export interface MashroomServicePluginNamespaces {
             security: { service: MashroomSecurityService; } | /* might not be loaded yet */ undefined;
             // Other service plugins
         }
     }
    
jkofler published 2.2.3

2.2.3 (December 19, 2022)

  • Metrics Collector: Replace values in route labels (/my-api/customers/123456 -> /my-api/customers/#val)
  • Core: Properly exit after HTTP server shutdown

jkofler published 2.2.2

2.2.2 (December 17, 2022)

  • LDAP Security Provider and Simple Security Provider: Fixed the problem that some URL query parameters got lost after login. E.g. a URL like http://localhost:5050/portal/web/test1/sub1?a=1&b=2&c=3 was reduced to http://localhost:5050/portal/web/test1/sub1?a=1 after login.
  • Sandbox App: Introduced a query flag sbAutoTest that replaces all code inputs by simple text areas, which makes it possible to fill them with automated test tools
  • Core: Fixed shutdown of fs watcher in development mode (hung sometimes)
  • Metrics Collector: Reduced the number of generated labels for mashroom_http_request_* metrics. This reduces the Prometheus load, because every label generates a new time series
  • Prometheus Exporter: Fixed a memory leak when the metrics were obtained via PM2 intercom
  • OpenID Connect Security Provider: Fixed the problem that authentication attempts could fail if the IDP redirected back very quickly, but the session was not persisted in the store yet
  • Portal: Added the attribute data-mr-app-name to the default App wrapper to simplify end-2-end testing
  • Portal: The SSR route of Remote Apps now also receives the path and the query parameters of the original request. The body of the POST request now looks like this:
    export type MashroomPortalAppSSRRemoteRequest = {
       readonly originalRequest: {
        readonly path: string;
        readonly queryParameters: Record<string, any>;
      };
      readonly portalAppSetup: MashroomPortalAppSetup;
    }
    