Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@microsoft/mgt
Advanced tools
The Microsoft Graph Toolkit is a collection of reusable, framework-agnostic components and authentication providers for accessing and working with Microsoft Graph. The components are fully functional right of out of the box, with built in providers that authenticate with and fetch data from Microsoft Graph.
The @microsoft/mgt
package brings all mgt packages together (with the exception of @microsoft/mgt-react
) and bundles them in this one convenient package.
You can now explore components and samples with the playground.
The Microsoft Graph Toolkit includes a collection of web components for the most commonly built experiences powered by Microsoft Graph APIs.
The components are also available as React components.
Providers enable authentication and provide the implementation for acquiring access tokens on various platforms and expose a Microsoft Graph Client for calling the Microsoft Graph APIs. The components work best when used with a provider, but the providers can be used on their own.
Watch the Getting Started Video
You can use the components by installing the npm package or importing them from a CDN (unpkg).
The benefits of using MGT through NPM is that you have full control of the bundling process and you can bundle only the code you need for your site. First, add the npm package:
npm install @microsoft/mgt-components
npm install @microsoft/mgt-msal2-provider
Now you can reference all components and providers at the page you are using:
<script type="module">
import { Providers } from 'node_modules/@microsoft/mgt-element/dist/es6/index.js';
import { Msal2Provider } from 'node_modules/@microsoft/mgt-msal2-provider/dist/es6/index.js';
import { registerMgtLoginComponent, registerMgtAgendaComponent } from 'node_modules/@microsoft/mgt-components/dist/es6/index.js';
Providers.globalProvider = new Msal2Provider({clientId: '[CLIENT-ID]'});
registerMgtLoginComponent();
registerMgtAgendaComponent();
</script>
<mgt-login></mgt-login>
<mgt-agenda></mgt-agenda>
The following script tag downloads the code from the CDN, configures an MSAL2 provider, and makes all the components available for use in the web page.
<script type="module">
import { registerMgtComponents, Providers, Msal2Provider } from 'https://unpkg.com/@microsoft/mgt@4';
Providers.globalProvider = new Msal2Provider({clientId: '[CLIENT-ID]'});
registerMgtComponents();
</script>
<mgt-login></mgt-login>
<mgt-agenda></mgt-agenda>
NOTE: This link will load the highest available version of @microsoft/mgt in the range
>= 4.0.0 < 5.0.0
, omitting the@4
fragment from the url results in loading the latest version. This could result in loading a new major version and breaking the application.
NOTE: MSAL requires the page to be hosted in a web server for the authentication redirects. If you are just getting started and want to play around, the quickest way is to use something like live server in vscode.
For general questions and support, please use Stack Overflow where questions should be tagged with microsoft-graph-toolkit
Please use GitHub Issues for bug reports and feature requests. We highly recommend you browse existing issues before opening new issues.
FAQs
The Microsoft Graph Toolkit
The npm package @microsoft/mgt receives a total of 7,364 weekly downloads. As such, @microsoft/mgt popularity was classified as popular.
We found that @microsoft/mgt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.