Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@mondaycom/apps-sdk
Advanced tools
This sdk is used to leverage some of the capabilities exposed via <monday-code />
:
string
and value can be any serializable type
(object, number, string, etc.)shared
:
false
(default) - The stored data will be accessible only you "backend" oriented apps (storage will not be shared between integrations and views).true
- The stored data will be accessible from both "backend" and "frontend" oriented apps.There are three methods exposed to manage the storage - set
, get
and delete
<ACCESS_TOKEN>
- access token of the customer/account the app is working on behalf ofimport { Storage } from '@mondaycom/apps-sdk';
const storage = new Storage('<ACCESS_TOKEN>');
key: string
- key to store the content forvalue: any
- value to storepreviousVersion?: string
- the last version of the stored value for a specific key (OPTIONAL)shared?: boolean
- whether the stored data will be accessible from both "backend" and "frontend" oriented apps (OPTIONAL)version: string
- the new version of the stored valueconst { version, success, error } = await storage.set(key, value, { previousVersion, shared });
const { value, version, success } = await storage.get(key, { shared });
const { success, error } = await storage.delete(key, { shared });
Secure storage
- when used in a deployed <monday-code/>
project it will automatically utilize the real secure storageLocal "secure storage"
- a local mock db which will mimic the api exposed by the real secure storage. Will work in this mode when sdk is used locally.
If there are no permissions to write files on the disk, Local "secure storage" will not be persisted
string
and value can be any type
(object, number, string, etc.)There are three methods exposed to manage the storage - set
, get
and delete
import { SecureStorage } from '@mondaycom/apps-sdk';
const secureStorage = new SecureStorage();
key: string
- key to store the content forvalue: any
- value to store (must be serializable)
value
await secureStorage.set(key, value);
const storedValue = await secureStorage.get(key);
await secureStorage.delete(key);
<monday-code/>
.$ mapps code:env -m set -k <key> -v <value>
There are two methods exposed to manage the environment variables - get
and getKeys
import { EnvironmentVariablesManager } from '@mondaycom/apps-sdk';
// Initialize the environment variables manager without injecting env into `process.env`
let envManager = new EnvironmentVariablesManager();
// Initialize the environment variables manager and inject env into `process.env`
envManager = new EnvironmentVariablesManager({ updateProcessEnv: true });
// Get cached environment variable
const cachedValue = envManager.get(key, { invalidate: false });
// Get the latest version of environment variable
const latestValue = envManager.get(key);
// Get all cached environment variables keys
const cachedKeys = envManager.getKeys({ invalidate: false });
// Get all environment variables keys
const latestKeys = envManager.getKeys();
logger
provides a simple way to log messages for your app in a project deployed <monday-code/>
.$ mapps code:logs
There are four methods exposed to manage the environment variables - info
, warn
, error
and debug
.
import { Logger } from '@mondaycom/apps-sdk';
const tag = 'my-app';
// tag will be added to every logged message
const logger = new Logger(tag);
logger.info('info message');
logger.warn('warn message');
logger.debug('debug message');
// Stack trace will be logged as well if error is provided
logger.error('error message', { error: new Error('error') });
FAQs
monday apps SDK for NodeJS
We found that @mondaycom/apps-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.