Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@superfaceai/one-sdk
Advanced tools
Website | Get Started | Documentation | GitHub Discussions | Twitter | Support
One SDK for all the APIs you want to integrate with.
OneClient
is a universal API client which provides an unparalleled developer experience for every HTTP API. It enhances resiliency to API changes, and comes with built-in integration monitoring and provider failover.
For more details about Superface, visit How it Works and Get Started.
To install OneSDK into the project, run:
npm install @superfaceai/one-sdk@beta
OneClient uses three files (also called Comlink) which together make the integration:
/
and required name [scope/]<name>
To glue all the parts together, OneClient uses name and file structure convention.
.
└── superface/ - directory with all the Comlinks in project root
├── <profileScope>.<profileName>.profile - profile file
├── <providerName>.provider.json - provider file
├── <profileScope>.<profileName>.<providerName>.map.js - map file
└── ... - repeat for all the Comlinks
As an example, lets send an email with Mailchimp. The use-case is described in the profile communication/send-email and the map with implementation.
superface
in the root of your project./
with .
. So, the profile with name communication/send-email
have corresponding filename communication.send-email.profile
.mailchimp
have corresponding filename mailchimp.provider.json
.communication.send-email.mailchimp.map.js
.The final structure should look like this:
.
└── superface/
├── communication.send-email.mailchimp.map.js
├── communication.send-email.profile
└── mailchimp.provider.json
Create index.mjs
file with following content and update:
import {
OneClient,
PerformError,
UnexpectedError,
ValidationError,
} from '@superfaceai/one-sdk';
const client = new OneClient();
const profile = await client.getProfile('<profileName>');
try {
const result = await profile.getUseCase('<usecaseName>').perform(
{
// Input parameters as defined in profile:
'<key>': '<value>',
},
{
provider: '<providerName>',
parameters: {
// Provider specific integration parameters:
'<integrationParameterName>': '<integrationParameterValue>',
},
security: {
// Provider specific security values:
'<securityValueId>': {
// Security values as described in provider or on profile page
},
},
}
);
console.log('RESULT:', result);
} catch (e) {
if (e instanceof PerformError) {
console.log('ERROR RESULT:', e.errorResult);
} else if (e instanceof ValidationError) {
console.error('VALIDATION ERROR:', e.message);
} else if (e instanceof UnexpectedError) {
console.error('ERROR:', e);
} else {
throw e;
}
}
Then run the script with:
node index.mjs
Note: If you are running Node.js before version 18.17.0
you need to enable WASI by providing flag to Node.js:
node --experimental-wasi-unstable-preview1 index.mjs
OneSDK uses ECMAScript modules. More on using ECMAScript modules is well described in Pure ESM Package guide.
The next-gen OneSDK is still in beta stage and several features are not yet implemented. We welcome any and all feedback. The current limitations include:
OneSDK is licensed under the MIT License.
© 2023 Superface s.r.o.
FAQs
OneSDK is a universal API client which provides an unparalleled developer experience for every HTTP API
We found that @superfaceai/one-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.