
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
@salling-group/auth
Advanced tools
This library allows you to easily set up an Axios instance that can query the Salling Group API.
This will check if 2017-12-24 is a holiday by querying the Holidays API.
const { createInstance } = require('@salling-group/auth');
const instance = createInstance({
'applicationName': 'My Application v1.0.1',
'auth': {
'type': 'bearer',
'token': 'my_token',
},
});
instance.get('/v1/holidays/is-holiday', {
'params': {
'date': '2017-12-24',
},
}).then((response) => console.log(response.data));
The authentication library exposes two authentication methods for setting up an Axios instance. This means that you can use this instance as you would use Axios, and it will handle authentication for you.
The available authentication methods are Bearer and JWT. You can get your credentials on the developer portal.
getInstance(options: object): Instance
This function gets a new Axios instance with access to the Salling Group API
(given the provided credentials are correct and has access to the requested ressource).
The provided options object must contain an auth
object with the following specification:
Property | Value | Required | Description |
---|---|---|---|
type | 'jwt' or 'bearer' | Yes | The authentication type. This is either a JWT or a Bearer Token. |
token | String | If type is 'bearer' . | The token associared with the bearer token credentials. |
issuer | String | If type is 'jwt' . | The issuer associated with the JWT credentials. |
secret | String | If type is 'jwt' . | The secret associated with the JWT credentials. |
If you use a Bearer token, you can access the API like this:
const instance = createInstance({
'applicationName': 'My Application v1.0.1',
'auth': {
'type': 'bearer',
'token': 'my_token',
},
});
instance.get('/v1/stores/').then(response => {
console.log(response.data);
});
If you use a JWT, you can access the API like so:
const instance = createInstance({
'applicationName': 'My Application v1.0.1',
'auth': {
'type': 'jwt',
'issuer': 'my_issuer',
'secret': 'my_secret',
},
});
instance.get('/v1/stores/').then(response => {
console.log(response.data);
});
FAQs
Makes it easy to authenticate when using Salling Group's APIs.
We found that @salling-group/auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.