Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@mpxjs/api-proxy
Advanced tools
convert API at each end 各个平台之间 api 进行转换
// 使用 mpx 生态
import mpx from '@mpxjs/core'
import apiProxy from '@mpxjs/api-proxy'
mpx.use(apiProxy, options)
// 单独使用
import apiProxy from '@mpxjs/api-proxy'
apiProxy(target, options) // target 为要抹平的对象
参数名称 | 类型 | 含义 | 是否必填 | 默认值 | 备注 |
---|---|---|---|---|---|
platform | Object | 各平台之间的转换 | 否 | { from:'', to:'' } | 使用 mpx 脚手架配置会自动进行转换,无需配置 |
exclude | Array(String) | 跨平台时不需要转换的 api | 否 | [] | - |
custom | Object | 自定义对应平台的转换规则 | 否 | {} | - |
usePromise | Boolean | 是否将 api 转化为 promise 格式使用 | 否 | false | - |
whiteList | Array(String) | 强行转化为 promise 格式的 api | 否 | [] | 需要 usePromise 设为 true |
import mpx from '@mpxjs/core'
import apiProxy from '@mpxjs/api-proxy'
mpx.use(apiProxy, {
exclude: ['showToast'] // showToast 将不会被转换为目标平台
})
mpx.showModal({
title: '标题',
content: '这是一个弹窗',
success (res) {
if (res.cancel) {
console.log('用户点击取消')
}
}
})
import mpx from '@mpxjs/core'
import apiProxy from '@mpxjs/api-proxy'
mpx.use(apiProxy, {
usePromise: true,
custom: { // 自定义微信到百度的 compressImage 转换规则,支持 wx、ali、swan、qq、tt
'wx_swan': {
compressImage (options = {}) {
const res = {}
// TODO
options.success && options.success(res)
}
}
}
})
mpx.showActionSheet({
itemList: ['A', 'B', 'C']
})
.then(res => {
console.log(res.tapIndex)
})
.catch(err => {
console.log(err)
})
FAQs
convert miniprogram API at each end
The npm package @mpxjs/api-proxy receives a total of 39 weekly downloads. As such, @mpxjs/api-proxy popularity was classified as not popular.
We found that @mpxjs/api-proxy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.