Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@spotify-confidence/sdk
Advanced tools
JavaScript implementation of the Confidence SDK, enables event tracking and feature flagging capabilities in conjunction wth the OpenFeature Web SDK.
To add the packages to your dependencies run:
yarn add @spotify-confidence/sdk
Run the Confidence.create
function to obtain a root instance of Confidence
.
import { Confidence } from '@spotify-confidence/sdk';
const confidence = Confidence.create({
clientSecret: 'mysecret',
region: 'eu',
environment: 'client',
timeout: 1000,
});
The region option is used to set the region for the network request to the Confidence backend. When the region is not set, the default (global) region will be used.
The current regions are: eu
and us
, the region can be set as follows:
const provider = createConfidenceWebProvider({
region: 'eu', // or 'us'
// ... other options
});
The timeout option is used to set the timeout for the feature flag resolve network request to the Confidence backend. When the timeout is reached, default values will be returned.
You can set the context manually by using setContext({})
:
confidence.setContext({ 'pants-color': 'yellow' });
or obtain a "child instance" of Confidence with a modified context by using withContext({})
const childInstance = confidence.withContext({ 'pants-color': 'blue', 'pants-fit': 'slim' });
At this point, the context of childInstance
is 'pants-color': 'blue', 'pants-fit': 'slim'
while the context of confidence
remains {'pants-color': 'yellow'}
.
[!IMPORTANT] When using the SDK in a server environment, you should call
withContext
rather thansetContext
. This will give you a new instance scoped to the request and prevent context from leaking between requests.
Use confidence.track()
from any Confidence instance to track an event in Confidence. Any context data set on the instance will be appended to the tracking event.
confidence.track('event_name', { 'message-detail1': 'something interesting' });
Confidence supports automatically tracking certain things out of the box and supports API's for you to extend that functionality.
Confidence can provide all flag resolves and tracking events with a browser specific identifier. We call this visitor_id
.
The visitor_id
is stored in a cookie. To add a generated visitor_id
to the context, use the following:
import { visitorIdentity } from './trackers';
confidence.track(visitorIdentity());
Confidence can automatically track page views
on events such as load
, pushState
, replaceState
, popstate
and hashchange
.
To automatically track page views
, use the following:
import { Confidence, pageViews } from '@spotify-confidence/sdk';
confidence.track(pageViews());
To automatically send tracking events containing web vitals data, use:
import { Confidence, webVitals } from '@spotify-confidence/sdk';
confidence.track(webVitals());
FAQs
Unknown package
The npm package @spotify-confidence/sdk receives a total of 304 weekly downloads. As such, @spotify-confidence/sdk popularity was classified as not popular.
We found that @spotify-confidence/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.