Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@qpoint/router
Advanced tools
Intelligence at the edge - an edge router framework
Compose powerful edge capabilities to analyze, transform, reject, or proxy traffic as it passes through the edge to your apps.
Designed to run within worker runtimes, a qpoint router can be deployed trivially to edge networks like Cloudflare Workers and Deno Deploy, or with the help of Qpoint, deploy to any platform including your own servers.
import Router from '@qpoint/router'
import proxy from '@qpoint/proxy'
import maskUrls from '@qpoint/mask-urls'
import replaceContent from '@qpoint/replace-content'
import rewriteHtml from '@qpoint/rewrite-html'
// initialize and export the router
export default new Router()
// proxy request to app
.use(proxy({ appUrl:"https://qdemo.io" }))
// mask urls in html response
.use(maskUrls())
// replace occurrences of qdemo with qpoint
.use(replaceContent({ rules: [{ from: 'qdemo', to: 'qpoint' }] }))
// rewrite html (trigger htmlrewriter rules)
.use(rewriteHtml())
Adapters are middleware functions to be executed in a chain, each potentially modifying the request/response until finally returning the response.
Example: Reject the request (at the edge) if no auth is provided
router.use((ctx: Context, next: Function) => {
// check for the Authorization header
if (!ctx.request.headers.has("Authorization")) {
// set the response to unauthorized
ctx.response = new Response(null, { status: 401 });
// return without calling next() to terminate the chain
return
}
// continue the chain to the next
return next();
})
Each adapter receives a Qpoint Context object that wraps an incoming request and the corresponding response. ctx
is often used as the parameter name for the context object.
router.use(async (ctx: Context, next: Function) => { await next(); });
After each of the adapters have run, the response as set on the context will be returned.
A very common case for Qpoint is building intelligent proxies and load balancers, and since the original Request object cannot be modified, the proxy
is a copy of the original request that can be fetch
ed by a proxy or load-balancer adapter.
In such a scenario, adapters that need to modify the request before a proxy fetch occurs will sequencially modify or replace the proxy
instance as the chain progresses.
FAQs
Qpoint - an intelligent edge router framework
We found that @qpoint/router demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.