Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@smithy/middleware-stack
Advanced tools
Provides a means for composing multiple middleware functions into a single handler
@smithy/middleware-stack is a middleware stack implementation for the AWS SDK for JavaScript. It allows developers to compose middleware functions to handle requests and responses, enabling customization and extension of the SDK's behavior.
Adding Middleware
This feature allows you to add middleware to the stack. Middleware functions can intercept and modify requests and responses. The code sample demonstrates adding a logging middleware that logs the request and response.
const { MiddlewareStack } = require('@smithy/middleware-stack');
const stack = new MiddlewareStack();
const loggingMiddleware = (next) => async (args) => {
console.log('Request:', args);
const result = await next(args);
console.log('Response:', result);
return result;
};
stack.add(loggingMiddleware, {
step: 'initialize',
name: 'loggingMiddleware',
});
// Example usage with a handler
const handler = async (args) => {
return { data: 'response data' };
};
const composedHandler = stack.resolve(handler, {});
composedHandler({ input: 'request data' });
Removing Middleware
This feature allows you to remove middleware from the stack by its name. The code sample demonstrates adding and then removing a logging middleware.
const { MiddlewareStack } = require('@smithy/middleware-stack');
const stack = new MiddlewareStack();
const loggingMiddleware = (next) => async (args) => {
console.log('Request:', args);
const result = await next(args);
console.log('Response:', result);
return result;
};
stack.add(loggingMiddleware, {
step: 'initialize',
name: 'loggingMiddleware',
});
// Remove the middleware
stack.remove('loggingMiddleware');
Composing Middleware
This feature allows you to compose multiple middleware functions in a stack. The code sample demonstrates adding two middleware functions and composing them to handle a request.
const { MiddlewareStack } = require('@smithy/middleware-stack');
const stack = new MiddlewareStack();
const middleware1 = (next) => async (args) => {
console.log('Middleware 1');
return next(args);
};
const middleware2 = (next) => async (args) => {
console.log('Middleware 2');
return next(args);
};
stack.add(middleware1, { step: 'initialize', name: 'middleware1' });
stack.add(middleware2, { step: 'initialize', name: 'middleware2' });
// Example usage with a handler
const handler = async (args) => {
return { data: 'response data' };
};
const composedHandler = stack.resolve(handler, {});
composedHandler({ input: 'request data' });
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. It allows for the use of middleware to handle requests and responses, similar to @smithy/middleware-stack, but is focused on web server functionality.
Koa is a new web framework designed by the team behind Express, aiming to be a smaller, more expressive, and more robust foundation for web applications and APIs. Like @smithy/middleware-stack, Koa uses middleware to handle requests and responses, but it is designed for building web servers.
Redux is a predictable state container for JavaScript apps. It allows for middleware to intercept and handle actions, similar to how @smithy/middleware-stack handles requests and responses. However, Redux is focused on state management in front-end applications.
The package contains an implementation of middleware stack interface. Middleware stack is a structure storing middleware in specified order and resolve these middleware into a single handler.
A middleware stack has five Step
s, each of them represents a specific request life cycle:
initialize: The input is being prepared. Examples of typical initialization tasks include injecting default options computing derived parameters.
serialize: The input is complete and ready to be serialized. Examples of typical serialization tasks include input validation and building an HTTP request from user input.
build: The input has been serialized into an HTTP request, but that request may require further modification. Any request alterations will be applied to all retries. Examples of typical build tasks include injecting HTTP headers that describe a stable aspect of the request, such as Content-Length
or a body checksum.
finalizeRequest: The request is being prepared to be sent over the wire. The request in this stage should already be semantically complete and should therefore only be altered to match the recipient's expectations. Examples of typical finalization tasks include request signing and injecting hop-by-hop headers.
deserialize: The response has arrived, the middleware here will deserialize the raw response object to structured response
There are two ways to add middleware to a middleware stack. They both add middleware to specified Step
but they provide fine-grained location control differently.
You can add middleware to specified step with:
stack.add(middleware, {
step: "finalizeRequest",
});
This approach works for most cases. Sometimes you want your middleware to be executed in the front of the Step
, you can set the Priority
to high
. Set the Priority
to low
then this middleware will be executed at the end of Step
:
stack.add(middleware, {
step: "finalizeRequest",
priority: "high",
});
If multiple middleware is added to same step
with same priority
, the order of them is determined by the order of adding them.
In some cases, you might want to execute your middleware before some other known middleware, then you can use addRelativeTo()
:
stack.add(middleware, {
step: "finalizeRequest",
name: "myMiddleware",
});
stack.addRelativeTo(anotherMiddleware, {
relation: "before", //or 'after'
toMiddleware: "myMiddleware",
});
You can remove middleware by name one at a time:
stack.remove("Middleware1");
If you specify tags for middleware, you can remove multiple middleware at a time according to tag:
stack.add(middleware, {
step: "finalizeRequest",
tags: ["final"],
});
stack.removeByTag("final");
FAQs
Provides a means for composing multiple middleware functions into a single handler
The npm package @smithy/middleware-stack receives a total of 14,997,487 weekly downloads. As such, @smithy/middleware-stack popularity was classified as popular.
We found that @smithy/middleware-stack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.