@shopify/koa-shopify-webhooks
Register and receive webhooks from Shopify with ease. This package was created primarily for use with @shopify/koa-shopify-auth and friends.
$ yarn add @shopify/koa-shopify-webhooks
function registerWebhook(options: {
  address: string;
  topic: Topic;
  format: string;
  accessToken: string;
  shop: string;
}): {success: boolean; result: any};
Registers a webhook for the given topic which will send requests to the given address. Returns an object with success true / false to indicate success or failure, as well as the parsed JSON of the response from Shopify. This function will throw if the fetch request it makes encounters an error.
function receiveWebhook(options: {
  secret: string;
  // only respond to requests to this path
  path?: string;
  // call this function when a valid webhook is received
  onReceived?(ctx: Context, next: () => unknown);
}): Middleware;
Creates a middleware that will verify whether incoming requests are legitimately from Shopify. Extracts webhook data into context or terminates the middleware chain.
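The kind of check such a middleware performs, as an added example that is not the package's own code: Shopify sends a base64 HMAC-SHA256 of the raw request body in the X-Shopify-Hmac-Sha256 header, keyed with the app secret. The function names, secret and payload below are constructed for illustration.

```javascript
const crypto = require('crypto');

// Base64 HMAC-SHA256 of the raw request body, keyed with the app secret.
function computeHmac(secret, rawBody) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('base64');
}

// True only when the header matches the digest of the exact bytes received.
function verifyWebhook(secret, rawBody, hmacHeader) {
  if (typeof hmacHeader !== 'string' || hmacHeader.length === 0) return false;
  const expected = Buffer.from(computeHmac(secret, rawBody), 'base64');
  const received = Buffer.from(hmacHeader, 'base64');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Constructed sample data (not real Shopify traffic or credentials).
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_BODY = Buffer.from('{"id": 1, "title": "Sample product"}', 'utf8');
const SAMPLE_HEADER = computeHmac(SAMPLE_SECRET, SAMPLE_BODY);

function demo() {
  // Re-serializing parsed JSON changes the bytes, so the digest no longer matches.
  const reserialized = Buffer.from(
    JSON.stringify(JSON.parse(SAMPLE_BODY.toString('utf8'))),
    'utf8',
  );
  const tampered = Buffer.from('{"id": 2, "title": "Sample product"}', 'utf8');
  return {
    valid: verifyWebhook(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADER),
    tamperedBody: verifyWebhook(SAMPLE_SECRET, tampered, SAMPLE_HEADER),
    wrongSecret: verifyWebhook('another-secret', SAMPLE_BODY, SAMPLE_HEADER),
    missingHeader: verifyWebhook(SAMPLE_SECRET, SAMPLE_BODY, undefined),
    truncatedHeader: verifyWebhook(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADER.slice(0, 20)),
    reserializedBody: verifyWebhook(SAMPLE_SECRET, reserialized, SAMPLE_HEADER),
  };
}

console.log(demo());
```

The digest covers the bytes as delivered, so the raw body has to be captured before any JSON body parser rewrites it.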
import 'isomorphic-fetch';
import Koa from 'koa';
import session from 'koa-session';
import shopifyAuth, {verifyRequest} from '@shopify/koa-shopify-auth';
// Import our package
import {receiveWebhook, registerWebhook} from '@shopify/koa-shopify-webhooks';

const {SHOPIFY_API_KEY, SHOPIFY_SECRET} = process.env;

const app = new Koa();
app.keys = [SHOPIFY_SECRET];

app.use(session(app));
app.use(
  shopifyAuth({
    apiKey: SHOPIFY_API_KEY,
    secret: SHOPIFY_SECRET,
    scopes: ['write_orders', 'write_products'],
    async afterAuth(ctx) {
      const {shop, accessToken} = ctx.session;

      // register a webhook for product creation
      const registration = await registerWebhook({
        // for local dev you probably want ngrok or something similar
        address: 'https://www.mycool-app.com/webhooks/products/create',
        topic: 'products/create',
        // format is part of the registerWebhook options shown above
        format: 'json',
        accessToken,
        shop,
      });

      if (registration.success) {
        console.log('Successfully registered webhook!');
      } else {
        console.log('Failed to register webhook', registration.result);
      }

      ctx.redirect('/');
    },
  }),
);

app.use(
  // receive webhooks
  receiveWebhook({
    path: '/webhooks/products/create',
    secret: SHOPIFY_SECRET,
    // called when a valid webhook is received
    onReceived(ctx) {
      console.log('received webhook: ', ctx.state.webhook);
    },
  }),
);

// everything registered after this point requires an authenticated session
app.use(verifyRequest());

app.use(ctx => {
  /* app code */
});
koa-router and multiple webhooks
import 'isomorphic-fetch';
import Koa from 'koa';
import Router from 'koa-router';
import session from 'koa-session';
import shopifyAuth, {verifyRequest} from '@shopify/koa-shopify-auth';
// Import our package
import {receiveWebhook, registerWebhook} from '@shopify/koa-shopify-webhooks';

const {SHOPIFY_API_KEY, SHOPIFY_SECRET} = process.env;

const app = new Koa();
const router = new Router();
app.keys = [SHOPIFY_SECRET];

app.use(session(app));
app.use(
  shopifyAuth({
    apiKey: SHOPIFY_API_KEY,
    secret: SHOPIFY_SECRET,
    scopes: ['write_orders', 'write_products'],
    async afterAuth(ctx) {
      const {shop, accessToken} = ctx.session;

      await registerWebhook({
        address: 'https://www.mycool-app.com/webhooks/products/create',
        topic: 'products/create',
        format: 'json',
        accessToken,
        shop,
      });

      await registerWebhook({
        address: 'https://www.mycool-app.com/webhooks/orders/create',
        topic: 'orders/create',
        format: 'json',
        accessToken,
        shop,
      });

      ctx.redirect('/');
    },
  }),
);

// one verifying middleware, reused on every webhook route
const webhook = receiveWebhook({secret: SHOPIFY_SECRET});

router.post(
  '/webhooks/products/create',
  webhook,
  () => {
    /* handle products create */
  },
);

router.post(
  '/webhooks/orders/create',
  webhook,
  () => {
    /* handle orders create */
  },
);

router.get('*', verifyRequest(), () => { /* app code */ });

app.use(router.allowedMethods());
app.use(router.routes());
Make sure to install a fetch polyfill, since internally we use it to make HTTP requests.
In your terminal
$ yarn add isomorphic-fetch
In your app
import 'isomorphic-fetch'
OR
require('isomorphic-fetch')
FAQs
Receive webhooks from Shopify with ease
The npm package @shopify/koa-shopify-webhooks receives a total of 1,871 weekly downloads. As such, @shopify/koa-shopify-webhooks popularity was classified as popular.
We found that @shopify/koa-shopify-webhooks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 24 open source maintainers collaborating on the project.