Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@superfaceai/parser
Advanced tools
Superface Parser compiles Superface profiles and maps into representation that can be interpreter using the Superface SDK.
Superface (super-interface) is a higher-order API, an abstraction on top of the modern APIs like GraphQL and REST. Superface is one interface to discover, connect, and query any capabilities available via conventional APIs.
Through its focus on application-level semantics, Superface decouples the clients from servers, enabling fully autonomous evolution. As such it minimizes the code base as well as errors and downtimes while providing unmatched resiliency and redundancy.
Superface allows for switching capability providers without development at a runtime in milliseconds. Furthermore, Superface decentralizes the composition and aggregation, and thus creates an Autonomous Integration Mesh.
Motivation behind Superface is nicely described in this video from APIdays conference.
You can get more information at https://superface.ai and https://docs.superface.ai/.
Install the parser into one of your projects:
yarn add @superfaceai/parser
const { basename } = require('path');
const { readFileSync } = require('fs');
const { inspect } = require('util');
const { Source, parseProfile } = require('@superfaceai/parser');
const path = process.argv[2];
const content = readFileSync(path, 'utf-8');
const source = new Source(content, basename(path));
const result = parseProfile(source);
console.log(inspect(result));
Superface is not man-in-the-middle so it does not require any access to secrets that are needed to communicate with provider API. Superface CLI only prepares super.json file with authorization fields in form of environment variable. You just set correct variables and communicate directly with provider API.
You can find more information in SDK repository.
If you need any additional support, have any questions or you just want to talk you can do that through our documentation page.
When developing, start with cloning the repository using git clone https://github.com/superfaceai/parser.git
(or git clone git@github.com:superfaceai/parser.git
if you have repository access).
After cloning, the dependencies must be downloaded using yarn install
or npm install
.
Now the repository is ready for code changes.
The package.json
also contains scripts (runnable by calling yarn <script-name>
or npm run <script-name>
):
test
- run all testslint
- lint the code (use lint:fix
to run autofix)format
- check the code formatting (use format:fix
to autoformat)prepush
- run test
, lint
and format
checks. This should run without errors before you push anything to git.Lastly, to build a local artifact run yarn build
or npm run build
.
Please open an issue first if you want to make larger changes
Feel free to contribute! Please follow the Contribution Guide.
Licenses of node_modules
are checked during push CI/CD for every commit. Only the following licenses are allowed:
Note: If editing the README, please conform to the standard-readme specification.
The Superface Parser is licensed under the MIT. © 2021 Superface
FAQs
Level 5 autonomous, self-driving API client, https://superface.ai
We found that @superfaceai/parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.