Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@metamask/json-rpc-engine
Advanced tools
Readme
@metamask/json-rpc-engine
A tool for processing JSON-RPC requests and responses.
yarn add @metamask/json-rpc-engine
or
npm install @metamask/json-rpc-engine
const { JsonRpcEngine } = require('@metamask/json-rpc-engine');
const engine = new JsonRpcEngine();
Build a stack of JSON-RPC processors by pushing middleware to the engine.
engine.push(function (req, res, next, end) {
res.result = 42;
end();
});
Requests are handled asynchronously, stepping down the stack until complete.
const request = { id: 1, jsonrpc: '2.0', method: 'hello' };
engine.handle(request, function (err, response) {
// Do something with response.result, or handle response.error
});
// There is also a Promise signature
const response = await engine.handle(request);
Middleware have direct access to the request and response objects.
They can let processing continue down the stack with next()
, or complete the request with end()
.
engine.push(function (req, res, next, end) {
if (req.skipCache) return next();
res.result = getResultFromCache(req);
end();
});
By passing a return handler to the next
function, you can get a peek at the result before it returns.
engine.push(function (req, res, next, end) {
next(function (cb) {
insertIntoCache(res, cb);
});
});
If you specify a notificationHandler
when constructing the engine, JSON-RPC notifications passed to handle()
will be handed off directly to this function without touching the middleware stack:
const engine = new JsonRpcEngine({ notificationHandler });
// A notification is defined as a JSON-RPC request without an `id` property.
const notification = { jsonrpc: '2.0', method: 'hello' };
const response = await engine.handle(notification);
console.log(typeof response); // 'undefined'
Engines can be nested by converting them to middleware using JsonRpcEngine.asMiddleware()
:
const engine = new JsonRpcEngine();
const subengine = new JsonRpcEngine();
engine.push(subengine.asMiddleware());
async
MiddlewareIf you require your middleware function to be async
, use createAsyncMiddleware
:
const { createAsyncMiddleware } = require('@metamask/json-rpc-engine');
let engine = new RpcEngine();
engine.push(
createAsyncMiddleware(async (req, res, next) => {
res.result = 42;
next();
}),
);
async
middleware do not take an end
callback.
Instead, the request ends if the middleware returns without calling next()
:
engine.push(
createAsyncMiddleware(async (req, res, next) => {
res.result = 42;
/* The request will end when this returns */
}),
);
The next
callback of async
middleware also don't take return handlers.
Instead, you can await next()
.
When the execution of the middleware resumes, you can work with the response again.
engine.push(
createAsyncMiddleware(async (req, res, next) => {
res.result = 42;
await next();
/* Your return handler logic goes here */
addToMetrics(res);
}),
);
You can freely mix callback-based and async
middleware:
engine.push(function (req, res, next, end) {
if (!isCached(req)) {
return next((cb) => {
insertIntoCache(res, cb);
});
}
res.result = getResultFromCache(req);
end();
});
engine.push(
createAsyncMiddleware(async (req, res, next) => {
res.result = 42;
await next();
addToMetrics(res);
}),
);
If your middleware has teardown to perform, you can assign a method destroy()
to your middleware function(s),
and calling JsonRpcEngine.destroy()
will call this method on each middleware that has it.
A destroyed engine can no longer be used.
const middleware = (req, res, next, end) => {
/* do something */
};
middleware.destroy = () => {
/* perform teardown */
};
const engine = new JsonRpcEngine();
engine.push(middleware);
/* perform work */
// This will call middleware.destroy() and destroy the engine itself.
engine.destroy();
// Calling any public method on the middleware other than `destroy()` itself
// will throw an error.
engine.handle(req);
Handle errors via end(err)
, NOT next(err)
.
/* INCORRECT */
engine.push(function (req, res, next, end) {
next(new Error());
});
/* CORRECT */
engine.push(function (req, res, next, end) {
end(new Error());
});
However, next()
will detect errors on the response object, and cause
end(res.error)
to be called.
engine.push(function (req, res, next, end) {
res.error = new Error();
next(); /* This will cause end(res.error) to be called. */
});
This package is part of a monorepo. Instructions for contributing can be found in the monorepo README.
FAQs
A tool for processing JSON-RPC messages
We found that @metamask/json-rpc-engine demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.