@podium/proxy
Transparent HTTP proxy. Dynamically mounts proxy targets on an existing HTTP server instance.
This module is intended for internal use in Podium and is not a module an end user would use directly. End users will typically interact with this module through higher level modules such as the @podium/layout and @podium/podlet modules.
$ npm install @podium/proxy
Attach a proxy target to an HTTP server.
import { HttpIncoming } from '@podium/utils';
import Proxy from '@podium/proxy';
import http from 'http';

// Set up proxy
const proxy = new Proxy();

// Register remote target(s) on separate namespace
proxy.register({
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
    },
    version: '1.0.0',
    content: '/bar',
});

// Attach proxy to http server
const app = http.createServer(async (req, res) => {
    const incoming = new HttpIncoming(req, res);
    const result = await proxy.process(incoming);

    // The proxy did return "undefined" so nothing matched our proxy
    if (!result) {
        res.statusCode = 404;
        res.end('404 - Not found');
    }
});

// Start appserver where proxy is attached
app.listen(9999);
Proxy is now mounted on: http://localhost:9999/podium-resource/bar/api
Create a new Proxy instance.
import Proxy from '@podium/proxy';
const proxy = new Proxy(options);
The constructor takes the following arguments:
An options object containing configuration. The following values can be provided:
pathname - {String} - Pathname to the root of where the proxy is to be mounted. Default: /
prefix - {String} - Prefix used to namespace the proxy so it's isolated from other routes in an HTTP server. Appended after pathname. Default: podium-resource
timeout - {Number} - Default value, in milliseconds, for how long a request should wait before the connection is terminated. Default: 6000
maxAge - {Number} - Default value, in milliseconds, for how long manifests should be cached. Default: Infinity
logger - {Object} - A logger which conforms to the log4j interface. See the docs for abstract logger for more information.
The Proxy instance has the following API:
Registers proxy target(s) by providing a Podium manifest.
Example:
import Proxy from '@podium/proxy';

// Set up proxy
const proxy = new Proxy();

// Register remote target(s) on separate namespace
proxy.register('podlet-name-in-layout', {
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
    },
    version: '1.0.0',
    content: '/bar',
});
Name for the registered podlet. This will be part of the URL to distinguish the podlet's proxy endpoints in the URL space.
A Podium manifest where the proxy property is given. The proxy property is an object where the key identifies the target and the property is a URI to the target.
Method for processing an incoming HTTP request. Matches the request against the registered routing targets and proxies the request if a match is found.
Returns a promise. When it resolves, the passed-in HttpIncoming object is returned.
If the inbound request matches a proxy endpoint and a proxy request was successfully performed, the .proxy property on the returned HttpIncoming object will be true. If the inbound request did not yield a proxy request, the .proxy property on the returned HttpIncoming object will be false.
The method takes the following arguments:
An instance of an HttpIncoming class.
import { HttpIncoming } from '@podium/utils';
import Proxy from '@podium/proxy';
import http from 'http';

const proxy = new Proxy();

proxy.register({ ...[snip]... });

const app = http.createServer(async (req, res) => {
    const incoming = new HttpIncoming(req, res);
    const result = await proxy.process(incoming);

    if (result.proxy) return;

    res.statusCode = 404;
    res.end('404 - Not found');
});
Property that exposes a metric stream.
Exposes a single metric called podium_proxy_request which includes podlet and proxy meta fields.
Please see the @metrics/client module for full documentation.
Returns an Array of all loaded manifests ready to be used by .load().
Loads an Array of manifests (provided by .dump()) into the proxy. If any of the items in the loaded Array contains a key which is already in the cache, the entry in the cache will be overwritten.
If any of the entries in the loaded Array are not compatible with the format which .dump() exports, they will not be inserted into the cache.
Returns an Array with the keys which were inserted into the cache.
To be able to have multiple proxy targets in an HTTP server we need to make sure that they do not collide with each other. To prevent this, each proxy target defined is mounted on its own separate namespace in an HTTP server.
The convention for these namespaces is as follows:
{pathname}/{prefix}/{podletName}/{proxyName}/
- {pathname} - the pathname argument in the constructor. Defaults to /.
- {prefix} - the prefix argument in the constructor. Defaults to podium-resource.
- {podletName} - the name value in the manifest. Note: When the proxy module subscribes to receive manifest updates from the Podium Client, this name will be the name a Podlet is registered with in the Podium Client.
- {proxyName} - the proxy.name property defined in the manifest.
If one has the following manifest defined in an express server:
import { HttpIncoming } from '@podium/utils';
import Proxy from '@podium/proxy';
import http from 'http';

const proxy = new Proxy();

proxy.register({
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
    },
    version: '1.0.0',
    content: '/index.html',
});

const app = http.createServer(async (req, res) => {
    ...[snip]...
});

app.listen(8000);
The following proxy targets will be mounted:
If one has the following manifest and overrides the prefix on the constructor:
import { HttpIncoming } from '@podium/utils';
import Proxy from '@podium/proxy';
import http from 'http';

const proxy = new Proxy({
    prefix: '/my-proxy',
});

proxy.register({
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
    },
    version: '1.0.0',
    content: '/index.html',
});

const app = http.createServer(async (req, res) => {
    ...[snip]...
});

app.listen(8000);
The following proxy targets will be mounted:
If one has the following manifest defined in an express server:
import { HttpIncoming } from '@podium/utils';
import Proxy from '@podium/proxy';
import http from 'http';

const proxy = new Proxy();

proxy.register({
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
        feed: '/feed',
    },
    version: '1.0.0',
    content: '/index.html',
});

const app = http.createServer(async (req, res) => {
    ...[snip]...
});

app.listen(8000);
The following proxy targets will be mounted:
If one has the following manifests defined in an express server:
import { HttpIncoming } from '@podium/utils';
import Proxy from '@podium/proxy';
import http from 'http';

const proxy = new Proxy();

proxy.register({
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
        feed: '/feed',
    },
    version: '1.0.0',
    content: '/index.html',
});

proxy.register({
    name: 'foo',
    proxy: {
        users: 'http://www.anywhere.com/api',
    },
    version: '2.0.0',
    content: '/index.html',
});

const app = http.createServer(async (req, res) => {
    ...[snip]...
});

app.listen(8000);
The following proxy targets will be mounted:
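Because every proxy entry in a manifest becomes a publicly reachable route that forwards to the URI the manifest names, it is worth checking manifests before they reach .register() or .load(). The following is an added example, not code from @podium/proxy or its README: it refuses entries whose key or upstream is unexpected and lists the route each accepted entry would get under the namespace convention above. ALLOWED_HOSTS, mountPath, auditManifest and the base argument (assumed to be the podlet's own origin, used to resolve relative targets) are hypothetical names.

```javascript
// Added example, not @podium/proxy code. ALLOWED_HOSTS, mountPath, auditManifest
// and the `base` argument are hypothetical names chosen for this sketch.
const ALLOWED_HOSTS = new Set(['www.external.com', 'www.anywhere.com']);

// Build {pathname}/{prefix}/{podletName}/{proxyName}/ with single slashes.
function mountPath({ pathname = '/', prefix = 'podium-resource' }, podletName, proxyName) {
    const parts = [pathname, prefix, podletName, proxyName]
        .flatMap((part) => String(part).split('/'))
        .filter(Boolean);
    return `/${parts.join('/')}/`;
}

// Split a manifest's proxy entries into routes that are safe to expose and
// entries that should be refused before the manifest is registered or loaded.
function auditManifest(manifest, base, options = {}) {
    const routes = [];
    const rejected = [];
    for (const [key, target] of Object.entries(manifest.proxy || {})) {
        const reject = (reason) => rejected.push({ key, target, reason });
        // The key becomes a URL path segment, so keep it to one plain segment.
        if (!/^[A-Za-z0-9_-]+$/.test(key)) { reject('key is not a plain path segment'); continue; }
        let url;
        try {
            // Assumption: relative targets such as '/feed' resolve against `base`.
            url = new URL(target, base);
        } catch {
            reject('unparseable URI');
            continue;
        }
        if (url.protocol !== 'http:' && url.protocol !== 'https:') reject(`scheme ${url.protocol}`);
        else if (url.username || url.password) reject('embedded credentials');
        else if (!ALLOWED_HOSTS.has(url.hostname)) reject(`host ${url.hostname} is not allowlisted`);
        else routes.push({ mount: mountPath(options, manifest.name, key), upstream: url.href });
    }
    return { routes, rejected };
}

// Constructed sample manifest: two entries from the page plus two bad ones.
const sample = {
    name: 'bar',
    proxy: {
        api: 'http://www.external.com/some/path',
        feed: '/feed',
        admin: 'http://localhost:8080/admin',
        'a/../b': 'http://www.external.com/x',
    },
};
console.log(auditManifest(sample, 'http://www.external.com'));
```

Only the entries returned in routes should be passed on in the manifest given to the proxy; the rejected list is suitable for logging or alerting.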
Copyright (c) 2019 FINN.no
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
The npm package @podium/proxy receives a total of 592 weekly downloads. As such, @podium/proxy popularity was classified as not popular.
We found that @podium/proxy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.