Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@superfaceai/one-sdk
One SDK for all the APIs you want to integrate with.
OneClient is a universal API client which provides an unparalleled developer experience for every HTTP API. It enhances resiliency to API changes, and comes with built-in integration monitoring and provider failover.
For more details about Superface, visit How it Works and Get Started.
To install OneSDK into the project, run:
npm install @superfaceai/one-sdk@alpha
OneClient uses three files (also called Comlink) which together make the integration:
/
and required name [scope/]<name>
To glue all the parts together, OneClient uses a naming and file structure convention.
.
└── superface/ - directory with all the Comlinks in project root
    ├── <profileScope>.<profileName>.profile - profile file
    ├── <providerName>.provider.json - provider file
    ├── <profileScope>.<profileName>.<providerName>.map.js - map file
    └── ... - repeat for all the Comlinks
As an example, let's send an email with Mailchimp. The use-case is described in the profile communication/send-email and the map with implementation.
superface in the root of your project.
/ with .
So, the profile with name communication/send-email has the corresponding filename communication.send-email.profile.
mailchimp has the corresponding filename mailchimp.provider.json.
communication.send-email.mailchimp.map.js.
The final structure should look like this:
.
└── superface/
    ├── communication.send-email.mailchimp.map.js
    ├── communication.send-email.profile
    └── mailchimp.provider.json
Create index.mjs file with the following content and update
import { OneClient } from '@superfaceai/one-sdk';

async function main() {
  const client = new OneClient();
  const profile = await client.getProfile('<profileName>');

  const result = await profile.getUseCase('<usecaseName>').perform(
    {
      // Input parameters as defined in profile:
      '<key>': '<value>'
    },
    {
      provider: '<providerName>',
      parameters: {
        // Provider specific integration parameters:
        '<integrationParameterName>': '<integrationParameterValue>'
      },
      security: {
        // Provider specific security values:
        '<securityValueId>': {
          // Security values as described in provider or on profile page
        }
      }
    }
  );

  console.log(result.unwrap());
}

main();
Then run the script with:
node --experimental-wasi-unstable-preview1 index.mjs
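The naming convention described above can be checked mechanically before the client is constructed. The following is an added example, not part of OneSDK or its README: comlinkFiles and missingComlinks are hypothetical helpers, and the NAME pattern is an assumption of this example, chosen so that a profile or provider name can never put a path separator or a .. segment into a file path.

```javascript
// Added example (not OneSDK code). Assumption: names are limited to this
// conservative pattern; it is this example's rule, not one taken from the SDK.
const NAME = /^[a-z][a-z0-9_-]*$/;

// Map a profile id ("[scope/]name") and a provider name to the three Comlink
// paths expected under superface/, replacing the scope slash with a dot.
function comlinkFiles(profileId, providerName) {
  const parts = String(profileId).split('/');
  if (parts.length > 2) {
    throw new Error(`profile id must be [scope/]name: ${JSON.stringify(profileId)}`);
  }
  const name = parts.pop();
  const scope = parts.pop(); // undefined when the profile has no scope
  const checks = [['profile name', name], ['provider name', providerName]];
  if (scope !== undefined) checks.push(['profile scope', scope]);
  for (const [label, value] of checks) {
    if (typeof value !== 'string' || !NAME.test(value)) {
      throw new Error(`invalid ${label}: ${JSON.stringify(value)}`);
    }
  }
  const base = scope === undefined ? name : `${scope}.${name}`;
  return {
    profile: `superface/${base}.profile`,
    provider: `superface/${providerName}.provider.json`,
    map: `superface/${base}.${providerName}.map.js`,
  };
}

// Return the expected Comlink paths that are absent from `present`, which can
// be a directory listing or the keys of a virtual filesystem object.
function missingComlinks(profileId, providerName, present) {
  const have = new Set(present);
  return Object.values(comlinkFiles(profileId, providerName))
    .filter((path) => !have.has(path));
}

// Constructed sample listing: the map file is deliberately left out.
const sampleListing = [
  'superface/communication.send-email.profile',
  'superface/mailchimp.provider.json',
];

console.log(comlinkFiles('communication/send-email', 'mailchimp'));
console.log(missingComlinks('communication/send-email', 'mailchimp', sampleListing));
```
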
OneSDK uses ECMAScript modules. Using ECMAScript modules is described in the Pure ESM Package guide.
The main difference compared to Node.js is the need to use a virtual filesystem to load the Comlink files. This is required by the deployment process, where all files need to be bundled together.
import { OneClient, PerformError, UnexpectedError } from '@superfaceai/one-sdk/cloudflare';

import profileFile from '../superface/[scope.]<name>.profile';
import mapFile from '../superface/[scope.]<name>.<providerName>.map.js';
import providerFile from '../superface/<providerName>.provider.json';

export default {
  async fetch(request, env, ctx) {
    const url = new URL(request.url);

    const client = new OneClient({
      env: {
        ONESDK_LOG: 'info' // use `debug` or `trace` for development debugging
      },
      // preopens describes the virtual filesystem with the OneClient file convention mapped to assets
      preopens: {
        'superface/[scope.]<name>.profile': new Uint8Array(profileFile),
        'superface/[scope.]<name>.<providerName>.map.js': new Uint8Array(mapFile),
        'superface/<providerName>.provider.json': new Uint8Array(providerFile)
      }
    });

    const profile = await client.getProfile('<profileName>'); // profile id as defined in *.profile
    const usecase = profile.getUseCase('<usecaseName>'); // use case name as defined in the profile
    const result = usecase.perform(
      // Input parameters as defined in profile:
      {
        '<key>': '<value>'
      },
      // provider configuration
      {
        provider: '<providerName>', // provider name as defined in *.provider.json
        parameters: {
          // Provider specific integration parameters:
          '<integrationParameterName>': '<integrationParameterValue>'
        },
        security: {
          // Provider specific security values:
          '<securityValueId>': {
            // Security values as described in provider or on profile page
          }
        }
      }
    );

    try {
      // result as defined in the profile
      const ok = await result;
      return new Response(`Result: ${JSON.stringify(ok, null, 2)}`);
    } catch (error) {
      if (error instanceof PerformError) {
        // error as defined in the profile
        return new Response(`Error: ${JSON.stringify(error.errorResult, null, 2)}`, { status: 400 });
      } else {
        // exception - should not be part of a normal flow
        return new Response(`${error.name}\n${error.message}`, { status: 500 });
      }
    }
  }
}
Check full demo with Shopify use-cases and more details.
The next-gen OneSDK is still in alpha stage and several features are not yet implemented. We welcome any and all feedback. The current limitations include:
OneSDK Client can't be instantiated in the global scope
Build-time integrations only
Integrations monitoring won't work
OneSDK is licensed under the MIT License.
© 2023 Superface s.r.o.
FAQs
OneSDK is a universal API client which provides an unparalleled developer experience for every HTTP API
The npm package @superfaceai/one-sdk receives a total of 248 weekly downloads. As such, @superfaceai/one-sdk popularity was classified as not popular.
We found that @superfaceai/one-sdk demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.